Lucene search

[email protected]CVE-2023-36924

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36924

2023-07-1103:15:10

CWE-117

[email protected]

web.nvd.nist.gov

cve-2023-36924

sap erp

defense forces

authenticated attacker

admin privileges

syslog file

integrity compromise

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.5%

JSON

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.

Affected configurations

NVD

Node

saperp_defense_forces_and_public_securityMatch600

saperp_defense_forces_and_public_securityMatch603

saperp_defense_forces_and_public_securityMatch604

saperp_defense_forces_and_public_securityMatch605

saperp_defense_forces_and_public_securityMatch616

saperp_defense_forces_and_public_securityMatch617

saperp_defense_forces_and_public_securityMatch618

saperp_defense_forces_and_public_securityMatch802

saperp_defense_forces_and_public_securityMatch803

saperp_defense_forces_and_public_securityMatch804

saperp_defense_forces_and_public_securityMatch805

saperp_defense_forces_and_public_securityMatch806

saperp_defense_forces_and_public_securityMatch807

CPENameOperatorVersion
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq600
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq603
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq604
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq605
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq616
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq617
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq618
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq802
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq803
sap:erp_defense_forces_and_public_securitysap erp defense forces and public securityeq804

CPE	Name	Operator	Version
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	600
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	603
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	604
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	605
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	616
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	617
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	618
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	802
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	803
sap:erp_defense_forces_and_public_security	sap erp defense forces and public security	eq	804

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP ERP Defense Forces and Public Security",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "600"
      },
      {
        "status": "affected",
        "version": "603"
      },
      {
        "status": "affected",
        "version": "604"
      },
      {
        "status": "affected",
        "version": "605"
      },
      {
        "status": "affected",
        "version": "616"
      },
      {
        "status": "affected",
        "version": "617"
      },
      {
        "status": "affected",
        "version": "618"
      },
      {
        "status": "affected",
        "version": "802"
      },
      {
        "status": "affected",
        "version": "803"
      },
      {
        "status": "affected",
        "version": "804"
      },
      {
        "status": "affected",
        "version": "805"
      },
      {
        "status": "affected",
        "version": "806"
      },
      {
        "status": "affected",
        "version": "807"
      }
    ]
  }
]

References

me.sap.com/notes/3351410

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.5%

JSON

Related for CVE-2023-36924

nvd1 prion1 cvelist1