Crafted Requests Can Bypass Authentication in OpenText Vertica Management Console
CVE-2023-7248

9.8CRITICAL

Key Information:

Vendor: Opentext
Status: Vertica Management Console
Vendor: CVE Published:; 15 March 2024

Summary

A vulnerability has been identified in the authentication functionality of OpenText Vertica Management Console, where specially crafted requests could potentially bypass security measures. This affects multiple versions of the console, particularly those that are outdated. Affected versions include all versions of 10.x, 11.1.1-24 and lower, as well as 12.0.4-18 and lower. To mitigate this issue, users are advised to upgrade to the latest versions available: 11.1.1-25, 12.0.4-19, or the 23.x and 24.x series. Timely action is crucial to ensure system integrity and security.

Affected Version(s)

Vertica Management Console 10.x

Vertica Management Console 11.x <= 11.1.1-24

Vertica Management Console 12.x <= 12.0.4-18

References

https://portal.microfocus.com/s/article/KM000027542?langu...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2024
Vulnerability Reserved
Feb 26, 2024