Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-36924
HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36924

2023-07-1103:15:10
CWE-117
[email protected]
web.nvd.nist.gov
2
sap erp
authenticated attacker
syslog compromise

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

30.0%

JSON

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.

Affected configurations

Nvd
Node
saperp_defense_forces_and_public_securityMatch600
OR
saperp_defense_forces_and_public_securityMatch603
OR
saperp_defense_forces_and_public_securityMatch604
OR
saperp_defense_forces_and_public_securityMatch605
OR
saperp_defense_forces_and_public_securityMatch616
OR
saperp_defense_forces_and_public_securityMatch617
OR
saperp_defense_forces_and_public_securityMatch618
OR
saperp_defense_forces_and_public_securityMatch802
OR
saperp_defense_forces_and_public_securityMatch803
OR
saperp_defense_forces_and_public_securityMatch804
OR
saperp_defense_forces_and_public_securityMatch805
OR
saperp_defense_forces_and_public_securityMatch806
OR
saperp_defense_forces_and_public_securityMatch807
VendorProductVersionCPE
saperp_defense_forces_and_public_security600cpe:2.3:a:sap:erp_defense_forces_and_public_security:600:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security603cpe:2.3:a:sap:erp_defense_forces_and_public_security:603:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security604cpe:2.3:a:sap:erp_defense_forces_and_public_security:604:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security605cpe:2.3:a:sap:erp_defense_forces_and_public_security:605:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security616cpe:2.3:a:sap:erp_defense_forces_and_public_security:616:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security617cpe:2.3:a:sap:erp_defense_forces_and_public_security:617:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security618cpe:2.3:a:sap:erp_defense_forces_and_public_security:618:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security802cpe:2.3:a:sap:erp_defense_forces_and_public_security:802:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security803cpe:2.3:a:sap:erp_defense_forces_and_public_security:803:*:*:*:*:*:*:*
saperp_defense_forces_and_public_security804cpe:2.3:a:sap:erp_defense_forces_and_public_security:804:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

Related

prion 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2023-07-11 03:15:00
cvelist
cvelist
CVE-2023-36924 Log Injection vulnerability in SAP ERP Defense Forces and Public Security
2023-07-11 02:57:27
cve
cve
CVE-2023-36924
2023-07-11 03:15:10

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

30.0%

JSON
Related for NVD:CVE-2023-36924
prion1cvelist1cve1