Information Disclosure in 4D SAS Server Applications by 4D
CVE-2023-30222

7.5HIGH

Key Information:

Vendor: 4d
Status: Server
Vendor: CVE Published:; 16 June 2023

What is CVE-2023-30222?

An information disclosure vulnerability present in various versions of the 4D SAS 4D Server Application allows attackers to intercept and retrieve password hashes of all users. This flaw can potentially lead to unauthorized access to user accounts if the hashed passwords are cracked. It is critical for organizations using affected versions to mitigate this risk by implementing appropriate security measures and updating to patched versions.

References

https://packetstormsecurity.com

https://www.infigo.is/en/insights/42/information-disclosu...

https://blog.4d.com/security-bulletin-two-cves-and-how-to...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-30222 Data

JSON