CVE-2023-33990Insecure Inherited Permissions in SE SAP SQL Anywhere

CWE-277Insecure Inherited PermissionsCWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.1HIGHNVD
CNA7.8
EPSS
0.0%
top 87.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP SQL AnywhereSAP SQL Anywhere
Timeline
PublishedJul 11

Description

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5sap_se/sap_sql_anywhere17.0

🔴Vulnerability Details

2
GHSA
GHSA-fj2m-7r3q-j27x: SAP SQL Anywhere - version 172023-07-11
CVEList
Denial of Service (DoS) vulnerability in SAP SQL Anywhere2023-07-11
CVE-2023-33990 — Insecure Inherited Permissions | cvebase