While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3351410 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2023-07-11T02:57:27.493Z
Updated: 2023-07-11T02:57:27.493Z
Reserved: 2023-06-27T21:23:26.300Z
Link: CVE-2023-36924
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-11T03:15:10.417
Modified: 2023-07-19T18:29:41.167
Link: CVE-2023-36924
JSON object: View
Redhat Information
No data.
CWE