Vulnerability Details CVE-2023-30222
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 7.5
References
- https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
- https://packetstormsecurity.com
- https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/
- https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/
- https://packetstormsecurity.com
- https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/