CVE-2023-36924: Log Injection vulnerability in SAP ERP Defense Forces and Public Security
First published: Tue Jul 11 2023(Updated: )
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP ERP Defense Forces and Public Security | =600 | |
| SAP ERP Defense Forces and Public Security | =603 | |
| SAP ERP Defense Forces and Public Security | =604 | |
| SAP ERP Defense Forces and Public Security | =605 | |
| SAP ERP Defense Forces and Public Security | =616 | |
| SAP ERP Defense Forces and Public Security | =617 | |
| SAP ERP Defense Forces and Public Security | =618 | |
| SAP ERP Defense Forces and Public Security | =802 | |
| SAP ERP Defense Forces and Public Security | =803 | |
| SAP ERP Defense Forces and Public Security | =804 | |
| SAP ERP Defense Forces and Public Security | =805 | |
| SAP ERP Defense Forces and Public Security | =806 | |
| SAP ERP Defense Forces and Public Security | =807 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-36924?
The severity of CVE-2023-36924 is medium with a CVSS score of 4.9.
How does CVE-2023-36924 impact SAP ERP Defense Forces and Public Security?
CVE-2023-36924 allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file in SAP ERP Defense Forces and Public Security versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, and 807.
How can an attacker exploit CVE-2023-36924?
An attacker can exploit CVE-2023-36924 by gaining admin privileges and writing arbitrary data to the syslog file in the affected SAP ERP Defense Forces and Public Security versions.
What is the recommended solution for CVE-2023-36924?
To mitigate CVE-2023-36924, SAP recommends applying the patches and security notes provided in the SAP Security Advisory.
Where can I find more information about CVE-2023-36924?
You can find more information about CVE-2023-36924 in the SAP notes and security advisory provided on the SAP website.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/severity
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- vendor/sap
- canonical/sap erp defense forces and public security
- version/sap erp defense forces and public security/600
- version/sap erp defense forces and public security/603
- version/sap erp defense forces and public security/604
- version/sap erp defense forces and public security/605
- version/sap erp defense forces and public security/616
- version/sap erp defense forces and public security/617
- version/sap erp defense forces and public security/618
- version/sap erp defense forces and public security/802
- version/sap erp defense forces and public security/803
- version/sap erp defense forces and public security/804
- version/sap erp defense forces and public security/805
- version/sap erp defense forces and public security/806
- version/sap erp defense forces and public security/807