CVE-2023-36924
Log Injection vulnerability in SAP ERP Defense Forces and Public Security
Severity Score
4.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-27 CVE Reserved
- 2023-07-11 CVE Published
- 2024-07-17 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-117: Improper Output Neutralization for Logs
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-07-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 600 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "600" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 603 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "603" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 604 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "604" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 605 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "605" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 616 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "616" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 617 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "617" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 618 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "618" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 802 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "802" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 803 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "803" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 804 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "804" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 805 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "805" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 806 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "806" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Erp Defense Forces And Public Security Search vendor "Sap" for product "Erp Defense Forces And Public Security" | 807 Search vendor "Sap" for product "Erp Defense Forces And Public Security" and version "807" | - |
Affected
| ||||||