Lucene search

[email protected]CVE-2023-33990

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-33990

2023-07-1103:15:09

CWE-732

[email protected]

web.nvd.nist.gov

sap

sql anywhere

version 17.0

cve-2023-33990

denial of service

windows

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.

Affected configurations

NVD

Node

sapsql_anywhereMatch17.0

CPENameOperatorVersion
sap:sql_anywheresap sql anywhereeq17.0

CPE	Name	Operator	Version
sap:sql_anywhere	sap sql anywhere	eq	17.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP SQL Anywhere",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "17.0"
      }
    ]
  }
]

References

me.sap.com/notes/3331029

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-33990

nvd1 prion1 cvelist1