Vulnerabilities > CVE-2023-36924 - Unspecified vulnerability in SAP ERP Defense Forces and Public Security

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2023-07-11

Updated: 2024-11-21

Summary

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP ERP Defense Forces AND Public Security 603 SAP ERP Defense Forces AND Public Security 604 SAP ERP Defense Forces AND Public Security 605 SAP ERP Defense Forces AND Public Security 616 SAP ERP Defense Forces AND Public Security 617 SAP ERP Defense Forces AND Public Security 618 SAP ERP Defense Forces AND Public Security 802 SAP ERP Defense Forces AND Public Security 803 SAP ERP Defense Forces AND Public Security 804 SAP ERP Defense Forces AND Public Security 805 SAP ERP Defense Forces AND Public Security 806 SAP ERP Defense Forces AND Public Security 807 SAP ERP Defense Forces AND Public Security 600	13

Summary

Vulnerable Configurations

References