Vulnerability Description
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 4D | Server | 17 |
Related Weaknesses (CWE)
References
- https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
- https://packetstormsecurity.comNot ApplicableThird Party AdvisoryVDB Entry
- https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authenticExploit
- https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
- https://packetstormsecurity.comNot ApplicableThird Party AdvisoryVDB Entry
- https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authenticExploit
FAQ
What is CVE-2023-30223?
CVE-2023-30223 is a vulnerability with a CVSS score of 7.5 (HIGH). A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.
How severe is CVE-2023-30223?
CVE-2023-30223 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-30223?
Check the references section above for vendor advisories and patch information. Affected products include: 4D Server.