CVE-2023-30222

Affected product/implementation: 4D SAS 4D Server Application (4D Server) versions v17, v18, v19 R7 and earlier. Vulnerability summary: An information-disclosure flaw enables an attacker to retrieve password hashes for all users by eavesdropping on affected deployments. Root cause (as stated): In...

CVE-2023-30223

The CVE-2023-30223 entry concerns a broken authentication vulnerability in 4D SAS 4D Server software (versions to v17, v18, v19 R7 and earlier). According to connected sources, an attacker could send crafted TCP packets containing requests to perform arbitrary actions, indicating a remote, networ...

CVE-2023-4770

CVE-2023-4770 affects 4D and 4D server Windows executables, specifically version 19 R8 100218. The issue is an uncontrolled search path element causing DLL hijacking by replacing the x64 shfolder.dll in the installation path, leading to arbitrary code execution. Public details confirm the vulnera...

CVE-2024-39847

CVE-2024-39847 describes an XXE-like weakness in the XML parser of the 4D Server SOAP endpoints. Unauthenticated attackers can read files on the application server and adjacent network shares, and can issue HTTP GET requests to arbitrary services. The connected documents confirm the vulnerability...