Lucene search

SapCVELIST:CVE-2022-41259

HistoryNov 08, 2022 - 12:00 a.m.

CVE-2022-41259

2022-11-0800:00:00

CWE-89

sap

www.cve.org

sap

sql anywhere

v17.0

vulnerability

server crash

array constructor

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.

CNA Affected

[
  {
    "vendor": "SAP SE",
    "product": "SAP SQL Anywhere",
    "versions": [
      {
        "version": "= 17.0",
        "status": "affected"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3229987

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVELIST:CVE-2022-41259