CVE-2023-33990

Name of the Vulnerable Software and Affected Versions SAP SQL Anywhere version 17.0

Description The issue allows an attacker to prevent legitimate users from accessing the service by crashing it. An attacker with a low-privileged account and access to the local system can write into shared memory objects, potentially leading to a Denial of Service. Additionally, an attacker might be able to modify sensitive data in shared memory objects. This issue only affects SAP SQL Anywhere on Windows, with other platforms not being impacted.

Recommendations For SAP SQL Anywhere version 17.0, consider restricting access to shared memory objects to minimize the risk of exploitation. As a temporary workaround, limit the ability of low-privileged accounts to write into shared memory objects until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.