CVE-2023-36924

MEDIUM

SAP ERP Defense Forces and Public Security - Authenticated Privileg...

Title source: llm

Description

While using a specific function, SAP ERP Defense Forces and Public Security (versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807) allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data, causing a complete compromise of the integrity of the application.

Scores

CVSS v3 4.9
EPSS 0.0013
EPSS Percentile 32.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-117
Status published
Products (13)
sap/erp_defense_forces_and_public_security 600
sap/erp_defense_forces_and_public_security 603
sap/erp_defense_forces_and_public_security 604
sap/erp_defense_forces_and_public_security 605
sap/erp_defense_forces_and_public_security 616
sap/erp_defense_forces_and_public_security 617
sap/erp_defense_forces_and_public_security 618
sap/erp_defense_forces_and_public_security 802
sap/erp_defense_forces_and_public_security 803
sap/erp_defense_forces_and_public_security 804
... and 3 more
Published Jul 11, 2023
Tracked Since Feb 18, 2026