PT-2023-4139 · SAP · SAP ERP Defense Forces/Public Security

Published: 2023-07-10 · Updated: 2023-07-19 · CVE-2023-36924

CVSS v2.0: 6.1 (Medium)
Vector: AV:N/AC:L/Au:M/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: SAP ERP Defense Forces and Public Security, versions 600 through 807

Description: The issue stems from improper handling of log output and can be exploited by a remote attacker to overwrite arbitrary files. By calling a specific function, an authenticated attacker with admin privileges can write arbitrary data to the syslog file, potentially modifying all syslog data and compromising the integrity of the application's audit trail.

Recommendations: For versions 600 through 807, restrict access to the syslog file and limit the privileges of authenticated users so that arbitrary data cannot be written until a fix is available. As a temporary workaround, disable the specific function that allows writing to the syslog file until a patch is available.

Fix

Weakness Enumeration

Related Identifiers: BDU:2023-04448, CVE-2023-36924

Affected Products: SAP ERP Defense Forces/Public Security