CVE-2022-35299 SAP SQL Anywhere and IQ can be vulnerable to memory corruption attacks because of logical errors in memory management.

This can be exploited by injecting malicious SQL statements, which can then be executed by the affected server. The update addresses the issue by changing the code to check for and prevent SQL injection attacks. SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. This can be exploited by injecting malicious SQL statements, which can then be executed by the affected server. The update addresses the issue by changing the code to check for and prevent SQL injection attacks. In addition, the update also fixes the following vulnerabilities: - An attacker could leverage CVE-2019-10280 to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could leverage CVE-2019-10281 to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could exploit an unspecified flaw to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could exploit an unspecified flaw to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could leverage CVE-2019-10282 to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could exploit an unspecified flaw to cause a denial of service condition due

SAP NetWeaver Gateway 7.6 .0

SAP NetWeaver Gateway 7.6.0 addresses the following vulnerabilities: - An attacker could leverage CVE-2019-10233 to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could leverage CVE-2019-10313 to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1. - An attacker could leverage CVE-2019-10314 to cause a denial of service condition due to an unspecified error in SAP IQ - version 16.1.

Timeline

Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/12/2022 17:31:00 UTC

References

• https://launchpad.support.sap.com/#/notes/3232021
• https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35299