Vulnerability Description
An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability allows DLL hijacking: replacing the x64 shfolder.dll in the installation path results in arbitrary code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 4D | 4D | 19 |
| 4D | Server | 19 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-elem (Third Party Advisory)
FAQ
What is CVE-2023-4770?
CVE-2023-4770 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by...
How severe is CVE-2023-4770?
CVE-2023-4770 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-4770?
Check the references section above for vendor advisories and patch information. Affected products include: 4D 4D, 4D Server, Microsoft Windows.