CVE-2023-7248 MEDIUM

CVE-2023-7248: OpenText Vertica Management console might be prone to bypass via crafted requests

Vendor Opentext

Product Vertica Management Console

Weakness CWE-20 · Input validation

Published March 15, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x

Key dates

02Disclosure timeline

March 15, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-7248 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2023-7248

CWE CWE-20

CVSS 5.0 / MEDIUM

Affected versions

Vendor Opentext

Product Vertica Management Console

Affected 10.x

Vendor Opentext

Product Vertica Management Console

Affected ≥ 11.x and ≤ 11.1.1-24

Vendor Opentext

Product Vertica Management Console

Affected ≥ 12.x and ≤ 12.0.4-18

CVE-2023-7248: OpenText Vertica Management console might be prone to bypass via crafted requests

01Description

02Disclosure timeline

03References

04Related CVE