First published: Tue Nov 08 2022
SAP SQL Anywhere version 17.0 allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP SQL Anywhere | =17.0 | |
CVE-2022-41259 is a vulnerability in SAP SQL Anywhere version 17.0 that allows an authenticated attacker to crash the server with certain queries, preventing legitimate users from accessing the database server.
CVE-2022-41259 has a severity rating of 6.5, which is considered medium.
CVE-2022-41259 affects SAP SQL Anywhere version 17.0, allowing an authenticated attacker to crash the server by using certain queries.
An attacker can exploit CVE-2022-41259 by using certain queries that use an ARRAY constructor to crash the SAP SQL Anywhere server.
Yes, SAP has released a fix for CVE-2022-41259. Refer to SAP Security Note 3229987 for more information on how to apply the fix.