CVE-2023-36924
Description
When a specific function is used, SAP ERP Defense Forces and Public Security (versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807) allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data, causing a complete compromise of the integrity of the application.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- erp defense forces and public security 600
- erp defense forces and public security 603
- erp defense forces and public security 604
- erp defense forces and public security 605
- erp defense forces and public security 616
- erp defense forces and public security 617
- erp defense forces and public security 618
- erp defense forces and public security 802
- erp defense forces and public security 803
- erp defense forces and public security 804
- erp defense forces and public security 805
- erp defense forces and public security 806
- erp defense forces and public security 807
Weaknesses
References
Additional Info
Technical Analysis