CVE-2017-5371

Published: Jan 23, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.

Affected (1)

Products: Sybase: Adaptive Server Enterprise

Sybase

1 product

Adaptive Server Enterprise

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sybase Adaptive Server Enterprise	Version 16.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://packetstormsecurity.com/files/140610/SAP-ASE-ODATA-Server-16-Denial-Of-Service.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Jan/47

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/93545

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://erpscan.io/advisories/erpscan-16-036-sap-ase-odata-server-denial-service/

Source: cve@mitre.org

https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/

Source: cve@mitre.org

http://packetstormsecurity.com/files/140610/SAP-ASE-ODATA-Server-16-Denial-Of-Service.html