Lucene search

[email protected]CVE-2023-30222

HistoryJun 16, 2023 - 5:15 p.m.

CVE-2023-30222

2023-06-1617:15:11

CWE-295

[email protected]

web.nvd.nist.gov

cve-2023-30222

information disclosure

4d sas

4d server application

password hashes

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

Affected configurations

NVD

Node

4dserverMatch17

4dserverMatch18-

4dserverMatch18r5

4dserverMatch19-

4dserverMatch19r7

CPENameOperatorVersion
4d:server4d servereq17
4d:server4d servereq18
4d:server4d servereq19

CPE	Name	Operator	Version
4d:server	4d server	eq	17
4d:server	4d server	eq	18
4d:server	4d server	eq	19

References

blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

packetstormsecurity.com

www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2023-30222

cvelist1 nvd1 prion1