Description
A binary planting vulnerability in SAP SQL Anywhere (before version 17.0), SAP IQ (before version 16.1), and SAP Dynamic Tier (before versions 1.0 and 2.0) can result in inadvertent access to files located in directories outside the paths specified by the user.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2792430
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
18.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (4)
sap/dynamic_tier
1.0
sap/dynamic_tier
2.0
sap/sap_iq
16.1
sap/sql_anywhere
17.0
Published
Oct 08, 2019
Tracked Since
Feb 18, 2026