CVE-2023-30223

HIGH

4D Server v17 v18 v19 R7 and earlier - Improper Authentication via Crafted TCP Packets

Title source: llm

Description

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

References (3)

Core 3

Core References

Various Sources

https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/

Not Applicable, Third Party Advisory, VDB Entry

https://packetstormsecurity.com

Exploit

https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/

Scores

CVSS v3 7.5

EPSS 0.0112

EPSS Percentile 62.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-287

Status published

Products (3)

4d/server 17

4d/server 18 (2 CPE variants)

4d/server 19 (2 CPE variants)

Published Jun 16, 2023

Tracked Since Feb 18, 2026