Denial of Service (DoS) vulnerability in SAP SQL Anywhere
CVE-2023-33990

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Sql Anywhere
Vendor: CVE Published:; 11 July 2023

What is CVE-2023-33990?

This vulnerability in SAP SQL Anywhere version 17.0 for Windows allows a low privileged attacker with local access to disrupt legitimate users by causing the service to crash. By writing to shared memory objects, the attacker can initiate a Denial of Service attack, preventing user access and potentially compromising sensitive data stored in those objects. This issue does not impact other operating systems.

Affected Version(s)

SAP SQL Anywhere 17.0

References

https://me.sap.com/notes/3331029

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
May 24, 2023