CVE-2023-33990

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jul 11, 2023

Updated: Jul 19, 2023

CWE ID 732

Summary

CVE-2023-33990 is a vulnerability affecting SAP SQL Anywhere version 17.0 on Windows. A low-privileged attacker with access to the local system can write into shared memory objects, leading to a Denial of Service (DoS) attack by crashing the service. Additionally, an attacker may be able to modify sensitive data in these objects. This issue does not impact SAP SQL Anywhere on other platforms.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SQL Anywhere

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8yGO8
https://www.cve.org/CVERecord?id=CVE-2023-33990
https://nvd.nist.gov/vuln/detail/CVE-2023-33990

Back to Vulnerability Database