Lucene search

SapCVE-2023-33990

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-33990

2023-07-1103:15:09

CWE-732

CWE-277

sap

web.nvd.nist.gov

sap

sql anywhere

version 17.0

cve-2023-33990

denial of service

windows

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.

Affected configurations

Nvd

Node

sapsql_anywhereMatch17.0

VendorProductVersionCPE
sapsql_anywhere17.0cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	sql_anywhere	17.0	cpe:2.3:a:sap:sql_anywhere:17.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP SQL Anywhere",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "17.0"
      }
    ]
  }
]

References

me.sap.com/notes/3331029

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-33990