PT-2022-18562 · Sap · Sap Sql Anywhere
Published
2022-04-12
·
Updated
2022-04-20
·
CVE-2022-27670
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SAP SQL Anywhere version 17.0
Description
The issue allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.
Recommendations
For SAP SQL Anywhere version 17.0, consider restricting access to queries that use indirect identifiers until a patch is available. As a temporary workaround, monitor server activity closely to quickly respond to potential crashes caused by malicious queries.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Sql Anywhere