CVE-2023-30222

HIGH

4D Server v17, v18, v19 R7 and earlier - Information Disclosure via Password Hash Eavesdropping

Title source: llm

Description

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

Scores

CVSS v3 7.5
EPSS 0.0096
EPSS Percentile 56.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-295
Status published
Products (3)
4d/server 17
4d/server 18 (2 CPE variants)
4d/server 19 (2 CPE variants)
Published Jun 16, 2023
Tracked Since Feb 18, 2026