CVE-2022-27670

2022-04-1216:11:25

CWE-99

sap

www.cve.org

sap sql anywhere

version 17.0

authenticated attacker

database server

crashing

indirect identifiers

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.

CNA Affected

[
  {
    "product": "SAP SQL Anywhere Server",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "17.0"
      }
    ]
  }
]