Memory Corruption Vulnerability in SAP SQL Anywhere and SAP IQ
CVE-2022-35299

9.8CRITICAL

Key Information:

Vendor: SAP
Status: SAP Sql Anywhere; SAP Iq
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-35299?

SAP SQL Anywhere version 17.0 and SAP IQ version 16.1 are susceptible to a memory corruption vulnerability that arises from logical errors in memory management. This flaw may be exploited to trigger conditions such as stack-based buffer overflow, leading to potential disruption of service and unauthorized access to confidential data. It is critical for organizations using these products to evaluate their systems and apply necessary security updates to mitigate potential threats.

Affected Version(s)

SAP IQ 16.1

SAP SQL Anywhere 17.0

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3232021

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Jul 7, 2022