CVE-2023-36924— Log Injection vulnerability in SAP ERP Defense Forces and Public Security
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-36924
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Log Injection vulnerability in SAP ERP Defense Forces and Public Security
Source: NVD (National Vulnerability Database)
Vulnerability Description
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
日志输出的转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP ERP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP ERP是德国思爱普(SAP)公司的一系列用于ERP管理的软件。 SAP ERP Defense Forces and Public Security 存在安全漏洞,该漏洞源于具有管理员权限的经过身份验证的攻击者可以将任意数据写入系统日志文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP ERP Defense Forces and Public Security | 600 | - |
II. Public POCs for CVE-2023-36924
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-36924
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2023-07-11 · 18 CVEs total
| CVE-2023-36922 | 9.1 CRITICAL | OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) |
| CVE-2023-33989 | 8.7 HIGH | Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) |
| CVE-2023-33987 | 8.6 HIGH | Request smuggling and request concatenation in SAP Web Dispatcher |
| CVE-2023-33990 | 7.8 HIGH | Denial of Service (DoS) vulnerability in SAP SQL Anywhere |
| CVE-2023-35871 | 7.7 HIGH | Memory Corruption vulnerability in SAP Web Dispatcher |
| CVE-2023-36921 | 7.2 HIGH | Header Injection in SAP Solution Manager (Diagnostic Agent) |
| CVE-2023-36925 | 7.2 HIGH | Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) |
| CVE-2023-35872 | 6.5 MEDIUM | Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool) |
| CVE-2023-35873 | 6.5 MEDIUM | Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) |
| CVE-2023-35870 | 6.3 MEDIUM | Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) |
| CVE-2023-36918 | 6.1 MEDIUM | Cross-Site Scripting vulnerability in SAP Enable Now |
| CVE-2023-33988 | 6.1 MEDIUM | Cross-Site Scripting vulnerability in SAP Enable Now |
| CVE-2023-35874 | 6.0 MEDIUM | Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2023-36917 | 5.9 MEDIUM | Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-36919 | 5.3 MEDIUM | Information Disclosure in SAP Enable Now |
| CVE-2023-31405 | 5.3 MEDIUM | Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) |
| CVE-2023-33992 | 4.5 MEDIUM | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-117
- CVE-2026-6494
Aap-mcp-server: aap mcp server: log injection allows social - CVE-2025-14684
IBM Maximo Application Suite - Monitor Component uses Log Fo - CVE-2025-59784
Log Pollution - Control Characters Not Escaped - CVE-2025-12755
Multiple vulnerabilities in IBM MQ Operator and Queue manage - CVE-2025-11537
Keycloak-server: sensitive headers shown in the http access
V. Comments for CVE-2023-36924
No comments yet