PT-2023-22593 · 4D · 4D Server Application
Karlo Dautović
·
Published
2023-06-16
·
Updated
2023-12-14
·
CVE-2023-30222
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
4D Server Application versions v17 through v19 R7
Description
An information disclosure issue allows attackers to retrieve password hashes for all users via eavesdropping.
Recommendations
For versions v17 through v19 R7, update to a version later than v19 R7 to resolve the issue.
Exploit
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
4D Server Application