Vulnerability Description
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 4D | Server | 17 |
Related Weaknesses (CWE)
References
- https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
- https://packetstormsecurity.comNot ApplicableThird Party AdvisoryVDB Entry
- https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authenticExploit
- https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
- https://packetstormsecurity.comNot ApplicableThird Party AdvisoryVDB Entry
- https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authenticExploit
FAQ
What is CVE-2023-30222?
CVE-2023-30222 is a vulnerability with a CVSS score of 7.5 (HIGH). An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.
How severe is CVE-2023-30222?
CVE-2023-30222 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-30222?
Check the references section above for vendor advisories and patch information. Affected products include: 4D Server.