本页列出影响 4d server 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-39847 | Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | 23637b5d-af4c-4cf9-b8f6-deb7fd0f8423 | 8.7 | 0.04% | 2026-04-30 | 2026-05-17 |
| CVE-2023-4770 | An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | [email protected] | 6.5 | 0.42% | 2023-11-30 | 2024-11-21 |
| CVE-2023-30223 | A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. | [email protected] | 7.5 | 0.03% | 2023-06-16 | 2024-11-21 |
| CVE-2023-30222 | An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. | [email protected] | 7.5 | 0.38% | 2023-06-16 | 2024-11-21 |