THREATINT
PUBLISHED

CVE-2023-36924

Log Injection vulnerability in SAP ERP Defense Forces and Public Security



Description

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.

Reserved 2023-06-27 | Published 2023-07-11 | Updated 2024-10-23 | Assigner sap


MEDIUM: 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-117: Improper Output Neutralization for Logs

Product status

Default status: unaffected

Version | Status
600 | affected
603 | affected
604 | affected
605 | affected
616 | affected
617 | affected
618 | affected
802 | affected
803 | affected
804 | affected
805 | affected
806 | affected
807 | affected

References

me.sap.com/notes/3351410

www.sap.com/.../02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

cve.org (CVE-2023-36924)

nvd.nist.gov (CVE-2023-36924)
