CVE-2022-27670 — Resource Injection in SE SAP SQL Anywhere Server

CWE-99 — Resource Injection3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP SQL Anywhere Server SAP SQL Anywhere

Timeline

PublishedApr 12

Latest updateApr 13

Description

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_sql_anywhere_server17.0

▶NVDsap/sql_anywhere17.0

🔴Vulnerability Details

GHSA

GHSA-prjp-2jgq-v7pw: SAP SQL Anywhere - version 17↗2022-04-13

▶

CVEList

CVE-2022-27670: SAP SQL Anywhere - version 17↗2022-04-12

▶