PT-2017-17894 · Sap · Sap As Java Sso Authentication Library

Published

2017-04-14

Updated

2019-10-03

CVE-2017-7696

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SAP AS JAVA SSO Authentication Library versions 2.0 through 3.0

Description The issue allows remote attackers to cause a denial of service, specifically memory consumption, by providing large values in the width and height parameters to the "otp logon ui resources/qr" API endpoint.

Recommendations For SAP AS JAVA SSO Authentication Library versions 2.0 through 3.0, restrict access to the "otp logon ui resources/qr" API endpoint to minimize the risk of exploitation. Avoid using large values in the width and height parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2017-7696

Affected Products

Sap As Java Sso Authentication Library

PT-2017-17894 · Sap · Sap As Java Sso Authentication Library

CVE-2017-7696

Weakness Enumeration

Related Identifiers

Affected Products

References · 3