CVE-2023-30222

Exploit

EPSS 0.3%
Published 16.06.2023 17:15:11
Last modified 21.11.2024 07:59:55
Source cve@mitre.org
Teams watchlist Login
Open Login

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

4d ≫ Server Version17

4d ≫ Server Version18 Update-

4d ≫ Server Version18 Updater5

4d ≫ Server Version19 Update-

4d ≫ Server Version19 Updater7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.527

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://packetstormsecurity.com

Third Party Advisory

VDB Entry

Not Applicable

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-30222

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30222

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30222

EUVD