CVE-2023-36924 Information

Description

While using a specific function SAP ERP Defense Forces and Public Security - versions 600 603 604 605 616 617 618 802 803 804 805 806 807 allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation an attacker could modify all the syslog data causing a complete compromise of integrity of the application.

Reference

https://me.sap.com/notes/3351410 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html