Lucene search

[email protected]NVD:CVE-2022-27670

HistoryApr 12, 2022 - 5:15 p.m.

CVE-2022-27670

2022-04-1217:15:10

CWE-99

[email protected]

web.nvd.nist.gov

sap sql anywhere

version 17.0

authenticated attacker

database server

crashing

indirect identifiers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.

Affected configurations

Nvd

Node

sapsql_anywhereMatch17.0

VendorProductVersionCPE
sapsql_anywhere17.0cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	sql_anywhere	17.0	cpe:2.3:a:sap:sql_anywhere:17.0:::::::*

References

launchpad.support.sap.com/#/notes/3148094

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Related for NVD:CVE-2022-27670

prion1 cvelist1 cve1