CVE-2023-7248

Summary

Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. 

The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower

Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x

Affected Software

VendorProductVersion RangeStatus
OpentextVertica Management Console10.xaffected
OpentextVertica Management Console11.x <= 11.1.1-24affected
OpentextVertica Management Console12.x <= 12.0.4-18affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References