📄 4D Server Server-Side Request Forgery / Arbitrary File Read

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP SIGNED...

CVE-2023-30223

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions...

CVE-2023-4770

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution...

CVE-2023-4770

CVE-2023-4770 affects 4D and 4D server Windows executables, specifically version 19 R8 100218. The issue is an uncontrolled search path element causing DLL hijacking by replacing the x64 shfolder.dll in the installation path, leading to arbitrary code execution. Public details confirm the vulnera...

CVE-2023-30222

Affected product/implementation: 4D SAS 4D Server Application (4D Server) versions v17, v18, v19 R7 and earlier. Vulnerability summary: An information-disclosure flaw enables an attacker to retrieve password hashes for all users by eavesdropping on affected deployments. Root cause (as stated): In...

CVE-2023-30222

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping...

CVE-2023-30223

The CVE-2023-30223 entry concerns a broken authentication vulnerability in 4D SAS 4D Server software (versions to v17, v18, v19 R7 and earlier). According to connected sources, an attacker could send crafted TCP packets containing requests to perform arbitrary actions, indicating a remote, networ...