CVE-2019-0381

Name of the Vulnerable Software and Affected Versions SAP SQL Anywhere versions prior to 17.0 SAP IQ versions prior to 16.1 SAP Dynamic Tiering versions prior to 1.0 and 2.0

Description The issue is related to insufficient protection of registration data in SAP SQL Anywhere, SAP IQ, and SAP Dynamic Tiering, which can allow a remote attacker to gain unauthorized access to protected information. This can result in the inadvertent access of files located in directories outside of the paths specified by the user, due to a binary planting vulnerability.

Recommendations For SAP SQL Anywhere versions prior to 17.0, update to version 17.0 or later to resolve the issue. For SAP IQ versions prior to 16.1, update to version 16.1 or later to resolve the issue. For SAP Dynamic Tiering versions prior to 1.0 and 2.0, update to version 1.0 or 2.0 or later to resolve the issue.