Lucene search

[email protected]NVD:CVE-2022-41259

HistoryNov 08, 2022 - 10:15 p.m.

CVE-2022-41259

2022-11-0822:15:19

CWE-89

[email protected]

web.nvd.nist.gov

sap sql anywhere

version 17.0

cve-2022-41259

array constructor attack

database server

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.

Affected configurations

Nvd

Node

sapsql_anywhereMatch17.0

VendorProductVersionCPE
sapsql_anywhere17.0cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	sql_anywhere	17.0	cpe:2.3:a:sap:sql_anywhere:17.0:::::::*

References

launchpad.support.sap.com/#/notes/3229987

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Related for NVD:CVE-2022-41259

prion1 cvelist1 cve1