Lucene search

PRIOn knowledge basePRION:CVE-2023-30222

HistoryJun 16, 2023 - 5:15 p.m.

Information disclosure

2023-06-1617:15:00

PRIOn knowledge base

www.prio-n.com

4d sas

password hashes

eavesdropping

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

CPENameOperatorVersion
servereq18
servereq18 r5
servereq19
servereq19 r7
servereq17

Name	Operator	Version
server	eq	18
server	eq	18 r5
server	eq	19
server	eq	19 r7
server	eq	17

References

blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

packetstormsecurity.com

www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for PRION:CVE-2023-30222