PT-2022-6134 · SAP · SAP SQL Anywhere

Published: 2022-11-08 · Updated: 2022-11-09 · CVE-2022-41259

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SAP SQL Anywhere version 17.0

Description

The issue is related to the lack of protection for the SQL query structure in SAP SQL Anywhere. An authenticated attacker can exploit this to crash the server by sending specially crafted queries that use an ARRAY constructor, preventing legitimate users from accessing the database server.

Recommendations

For SAP SQL Anywhere version 17.0, consider restricting the use of the ARRAY constructor in queries until a patch is available. As a temporary workaround, limit access to the database server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-00149
CVE-2022-41259

Affected Products

SAP SQL Anywhere