Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-30223

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

Published

2023-06-16T17:15:11.897

Last Modified

2024-11-21T07:59:55.393

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	4d	server	17	Yes
Application	4d	server	18	Yes
Application	4d	server	18	Yes
Application	4d	server	19	Yes
Application	4d	server	19	Yes

References

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/ ([email protected])
https://packetstormsecurity.com Not Applicable, Third Party Advisory, VDB Entry ([email protected])
https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/ Exploit ([email protected])
https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/ (af854a3a-2127-422b-91ae-364da2661108)
https://packetstormsecurity.com Not Applicable, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/ Exploit (af854a3a-2127-422b-91ae-364da2661108)