CVE-2023-38422 HIGH

CVE-2023-38422: Walchem Intuition Missing Authentication for Critical Function

Vendor: Walchem
Product: Intuition 9
Weakness: CWE-306 · Missing auth
Published: August 23, 2023
Last update: October 3, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.

Key dates

02 Disclosure timeline

August 23, 2023: CVE published
October 3, 2024: Record updated