Lucene search

SapCVE-2022-41259

HistoryNov 08, 2022 - 10:15 p.m.

CVE-2022-41259

2022-11-0822:15:19

CWE-89

sap

web.nvd.nist.gov

sap

sql anywhere

v17.0

vulnerability

authenticated attacker

crash

server

malicious queries

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.

Affected configurations

Nvd

Node

sapsql_anywhereMatch17.0

VendorProductVersionCPE
sapsql_anywhere17.0cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	sql_anywhere	17.0	cpe:2.3:a:sap:sql_anywhere:17.0:::::::*

CNA Affected

[
  {
    "vendor": "SAP SE",
    "product": "SAP SQL Anywhere",
    "versions": [
      {
        "version": "= 17.0",
        "status": "affected"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3229987

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVE-2022-41259