CVE-2023-30223

Exploit

EPSS 0.03%
Published 16.06.2023 17:15:11
Last modified 21.11.2024 07:59:55
Source cve@mitre.org
Teams watchlist Login
Open Login

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

4d ≫ Server Version17

4d ≫ Server Version18 Update-

4d ≫ Server Version18 Updater5

4d ≫ Server Version19 Update-

4d ≫ Server Version19 Updater7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://packetstormsecurity.com

Third Party Advisory

VDB Entry

Not Applicable

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-30223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30223

EUVD