4.9
CVE-2023-36924
- EPSS 0.1%
- Published 11.07.2023 03:15:10
- Last modified 21.11.2024 08:10:56
- Source cna@sap.com
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Erp Defense Forces And Public Security Version 600
SAP ≫ Erp Defense Forces And Public Security Version 603
SAP ≫ Erp Defense Forces And Public Security Version 604
SAP ≫ Erp Defense Forces And Public Security Version 605
SAP ≫ Erp Defense Forces And Public Security Version 616
SAP ≫ Erp Defense Forces And Public Security Version 617
SAP ≫ Erp Defense Forces And Public Security Version 618
SAP ≫ Erp Defense Forces And Public Security Version 802
SAP ≫ Erp Defense Forces And Public Security Version 803
SAP ≫ Erp Defense Forces And Public Security Version 804
SAP ≫ Erp Defense Forces And Public Security Version 805
SAP ≫ Erp Defense Forces And Public Security Version 806
SAP ≫ Erp Defense Forces And Public Security Version 807
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.1% | 0.274 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
cna@sap.com | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
CWE-117 Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.