PT-2021-21986 · SAP · SAP CommonCryptoLib

Yvan Genuer · Published 2021-09-14 · Updated 2022-01-28 · CVE-2021-38177

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib versions 8.5.38 or lower
Description: The issue is a null pointer dereference vulnerability. When an unauthenticated attacker sends crafted malicious data in HTTP requests over the network, the SAP application crashes. This has a high impact on the availability of the SAP system.
Recommendations: For SAP CommonCryptoLib versions 8.5.38 or lower, update to a version higher than 8.5.38 to resolve the issue. As a temporary workaround, consider restricting access to the SAP application to minimize the risk of exploitation.
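To show the defect class behind this advisory (CWE-476, a null pointer dereference reachable from request data), the following is an added illustration and not code from SAP CommonCryptoLib or from the advisory. The request strings, the header name X-Token and the two parsing functions are all constructed for this example: the unchecked variant assumes the header is always present and dereferences the NULL returned when it is not, which is the kind of crash the description refers to; the checked variant validates the lookup result before using it and reports a malformed request instead.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample requests (not taken from the advisory). */
static const char REQ_WITH_TOKEN[] =
    "GET /index HTTP/1.1\r\nHost: example\r\nX-Token: abc\r\n\r\n";
static const char REQ_MISSING_TOKEN[] =
    "GET /index HTTP/1.1\r\nHost: example\r\n\r\n";

/* Locate the value of header `name` in `req`.
 * Returns a pointer to the first byte of the value, or NULL if the
 * header is absent or not followed by a colon. */
static const char *find_header(const char *req, const char *name)
{
    const char *p = strstr(req, name);
    if (p == NULL)
        return NULL;
    p += strlen(name);
    if (*p != ':')
        return NULL;
    p++;
    while (*p == ' ')
        p++;
    return p;
}

/* Vulnerable pattern: the caller trusts that the header is always
 * present, so a request without it makes `v` NULL and the loop
 * dereferences it (CWE-476). Only safe to call on REQ_WITH_TOKEN. */
size_t token_length_unchecked(const char *req)
{
    const char *v = find_header(req, "X-Token");
    size_t n = 0;
    while (v[n] != '\r' && v[n] != '\0') /* crashes when v == NULL */
        n++;
    return n;
}

/* Hardened pattern: validate the lookup before use and signal a
 * malformed request with -1 rather than crashing the process. */
long token_length_checked(const char *req)
{
    const char *v = find_header(req, "X-Token");
    if (v == NULL)
        return -1;
    size_t n = 0;
    while (v[n] != '\r' && v[n] != '\0')
        n++;
    return (long)n;
}

int main(void)
{
    printf("checked, header present: %ld\n", token_length_checked(REQ_WITH_TOKEN));
    printf("checked, header missing: %ld\n", token_length_checked(REQ_MISSING_TOKEN));
    /* token_length_unchecked(REQ_MISSING_TOKEN) would segfault: that is the bug. */
    return 0;
}
```

The point for a maintainer is that any value derived from attacker-controlled input, including the result of a lookup that can fail, must be checked before it is dereferenced; for a deployed system that cannot yet be patched, the advisory's workaround of restricting who can reach the application reduces the population able to send the malformed request.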

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2021-38177

Affected Products

SAP CommonCryptoLib