CVE-2023-30222

Exploit

EPSS 0.3%
Veröffentlicht 16.06.2023 17:15:11
Zuletzt bearbeitet 21.11.2024 07:59:55
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

4d ≫ Server Version17

4d ≫ Server Version18 Update-

4d ≫ Server Version18 Updater5

4d ≫ Server Version19 Update-

4d ≫ Server Version19 Updater7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.527

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://packetstormsecurity.com

Third Party Advisory

VDB Entry

Not Applicable

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-30222

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30222

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30222

EUVD