CVE-2022-41259

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 31.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP SQL AnywhereSAP SQL Anywhere
Timeline
PublishedNov 8
Latest updateDec 4

Description

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_sql_anywhere= 17.0

🔴Vulnerability Details

3
OSV
request-tracker4 vulnerabilities2023-12-04
GHSA
GHSA-w86f-xj88-2xxm: SAP SQL Anywhere - version 172022-11-09
CVEList
CVE-2022-41259: SAP SQL Anywhere - version 172022-11-08
CVE-2022-41259 (MEDIUM CVSS 6.5) | SAP SQL Anywhere - version 17.0 | cvebase.io