CVE-2023-2024 CRITICAL

CVE-2023-2024: Improper Authentication for OpenBlue Enterprise Manager Data Collector

Vendor Johnson Controls
Product OpenBlue Enterprise Manager Data Collector
Weakness CWE-287 · Improper authentication
Published May 18, 2023
Last update February 12, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.

Key dates

02Disclosure timeline

May 18, 2023 CVE published
February 12, 2025 Record updated