CVE-2023-30223

Опубликовано: 16 июн. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

Ссылки

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
https://packetstormsecurity.com
Not Applicable
Third Party Advisory
VDB Entry
https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/
Exploit
https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
https://packetstormsecurity.com
Not Applicable
Third Party Advisory
VDB Entry
https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:4d:server:17:*:*:*:*:*:*:*

cpe:2.3:a:4d:server:18:-:*:*:*:*:*:*

cpe:2.3:a:4d:server:18:r5:*:*:*:*:*:*

cpe:2.3:a:4d:server:19:-:*:*:*:*:*:*

cpe:2.3:a:4d:server:19:r7:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

7.5 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-w8fw-c2w3-8j49