SAP Sql Anywhere
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SAP Sql Anywhere.
By the Year
In 2026 there have been 0 vulnerabilities in SAP Sql Anywhere. Last year, in 2025 Sql Anywhere had 1 security vulnerability published. Right now, Sql Anywhere is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 10.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.10 |
| 2022 | 3 | 7.60 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 5.50 |
It may take a day or so for new Sql Anywhere vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Sql Anywhere Security Vulnerabilities
SQL Anywhere Monitor Non-GUI Credential Leak A/C Execution
CVE-2025-42890
10 - Critical
- November 11, 2025
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.
Use of Hard-coded Credentials
SAP SQL Anywhere 17.0 DOS via Shared Memory Write
CVE-2023-33990
7.1 - High
- July 11, 2023
SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.
Insecure Inherited Permissions
SAP SQL Anywhere 17.0 ARRAY Query Crash Denial of Service
CVE-2022-41259
6.5 - Medium
- November 08, 2022
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.
SAP SQL Anywhere 17.0 & SAP IQ 16.1: Stack Buffer Overflow via Memory Corrupt
CVE-2022-35299
9.8 - Critical
- October 11, 2022
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.
Stack Overflow
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries
CVE-2022-27670
6.5 - Medium
- April 12, 2022
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.
Insecure Direct Object Reference
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0
CVE-2019-0381
5.5 - Medium
- October 08, 2019
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
Files or Directories Accessible to External Parties
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Sql Anywhere or by SAP? Click the Watch button to subscribe.
