Broken Authentication in 4D SAS Server Software by 4D
CVE-2023-30223

7.5HIGH

Key Information:

Vendor: 4d
Status: Server
Vendor: CVE Published:; 16 June 2023

What is CVE-2023-30223?

A vulnerability in the 4D SAS 4D Server software allows attackers to exploit broken authentication protocols. This weakness permits the crafted TCP packets to be sent to the server, enabling attackers to perform unauthorized actions. The flaw affects versions v17, v18, and v19 R7 of the software, as well as earlier releases. It is critical for organizations using this software to apply the necessary patches and security updates to mitigate the risks associated with this vulnerability.

References

https://packetstormsecurity.com

https://www.infigo.is/en/insights/42/information-disclosu...

https://blog.4d.com/security-bulletin-two-cves-and-how-to...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-30223 Data

JSON