cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enquiry on SQL Anywhere 17.0.10.6089: "SAP JRE" JRE180 Security Vulnerability

Go to solution
yy25
Explorer

on ‎2025 Feb 06 8:35 AM

0 Kudos
272

Hi, I'm currently using SAP Anywhere 17.0.10.6089 as the database for our application. SAP JRE located at `C:\Program Files\SQL Anywhere 17\bin64\jre180`. The installed JRE version is 8.0.31.

Did this version of SAP JRE (8.0.31) have any known security vulnerabilities? If so, I would appreciate guidance on how to obtain and apply the necessary updates or patches to mitigate the risks.

Thank you.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
chris_keating
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 06 4:28 PM
0 Kudos

There are no known security vulnerabilities in the JRE that impact SQL Anywhere use. Ee do document some CVEs that scanners may report and identify the SQL Anywhere update which contains a JRE version that has the mitigation of the CVE. Scanners report vulnerabilities in JRE shipped with SQL Anywhere.

We have updated the JRE, as other 3rd party components including SAP components, a number of times in the past years. SQL Anywhere is now shipping with Java version 1.8.0 381.

There are also multiple security notes related to SQL Anywhere (Component BC-SYB-SQA) which do impact the version your are running.  I would encourage you to update to a recent release to mitigate those issues. 

Show replies
Show replies
yy25
Explorer
‎2025 Feb 07 6:38 AM
0 Kudos
Hi Chris,
yy25
Explorer
‎2025 Feb 07 6:40 AM
0 Kudos
Hi Chris, I click on the link for 'Scanners report vulnerabilities in JRE shipped with SQL Anywhere' but cannot see anything. Is it ok to share the details with me? Thank you
chris_keating
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 07 5:33 PM
The link was posted incorrectly. Here is the correct link: https://me.sap.com/notes/3218861
yy25
Explorer
‎2025 Feb 08 2:34 AM
0 Kudos
Hi Chris, my account doesn't seem have access to this KB. Is it possible to save as pdf and share?
chris_keating
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 08 6:50 PM
I am can only direct you to the KBA - I guess it requires a s-account to access. In summary, the KBA is listing CVEs that scanners will report as issues with the SQL Anywhere shipped JRE. SQL Anywhere use of the JRE are not at risk to those CVEs. But we did update the JRE as part of a periodic refresh of their party components.
Ask a Question