High severity7.5NVD Advisory· Published Apr 14, 2017· Updated May 13, 2026

CVE-2017-7696

Description

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.

Affected products

SAP/Sso Authentication Library2 versions
cpe:2.3:a:sap:sso_authentication_library:2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sap:sso_authentication_library:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sso_authentication_library:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

erpscan.io/advisories/erpscan-17-001-sap-java-dos-bc-iam-sso-otp-package-use-qr-servlet/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000