Memory Corruption Vulnerability in SAP SQL Anywhere and SAP IQ
CVE-2022-35299

9.8CRITICAL

Key Information:

Vendor
SAP
Status
SAP Sql Anywhere
SAP Iq
Vendor
CVE Published:
11 October 2022

Summary

SAP SQL Anywhere version 17.0 and SAP IQ version 16.1 are susceptible to a memory corruption vulnerability that arises from logical errors in memory management. This flaw may be exploited to trigger conditions such as stack-based buffer overflow, leading to potential disruption of service and unauthorized access to confidential data. It is critical for organizations using these products to evaluate their systems and apply necessary security updates to mitigate potential threats.

Affected Version(s)

SAP IQ 16.1

SAP SQL Anywhere 17.0

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3232021

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.