CVE-2023-7248
Last modified
CVE-2023-7248 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x . EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Vertica | >= 10.0.0-0, <= 10.1.1-26 |
| Opentext | Vertica | >= 11.0.0-0, < 11.1.1-25 |
| Opentext | Vertica | >= 12.0.0-0, < 12.0.4-19 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-7248?
How severe is CVE-2023-7248?
How do I fix CVE-2023-7248?
Are you affected by CVE-2023-7248?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST