CVE-2023-30223

Exploit

EPSS 0.03%
Veröffentlicht 16.06.2023 17:15:11
Zuletzt bearbeitet 21.11.2024 07:59:55
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

4d ≫ Server Version17

4d ≫ Server Version18 Update-

4d ≫ Server Version18 Updater5

4d ≫ Server Version19 Update-

4d ≫ Server Version19 Updater7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://packetstormsecurity.com

Third Party Advisory

VDB Entry

Not Applicable

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-30223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30223

EUVD