CVE-2023-36924
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/07/2023
Last modified:
19/07/2023
Description
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.<br />
<br />
Impact
Base Score 3.x
4.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:600:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:603:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:604:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:605:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:616:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:617:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:618:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:802:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:803:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:804:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:805:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:806:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:erp_defense_forces_and_public_security:807:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page