CVE-2023-33990

EPSS 0.04%
Veröffentlicht 11.07.2023 03:15:09
Zuletzt bearbeitet 21.11.2024 08:06:21
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Denial of Service (DoS) vulnerability in SAP SQL Anywhere

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Sql Anywhere Version17.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.134

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
cna@sap.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-277 Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://me.sap.com/notes/3331029

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-33990

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33990

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33990

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-33990