CVE-2023-7248 - Vulnerability Details - OpenCVE

Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opentext	Vertica

Configuration 1 [-]

OR	cpe:2.3:a:opentext:vertica::::::::
	cpe:2.3:a:opentext:vertica::::::::
	cpe:2.3:a:opentext:vertica::::::::

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000027542?language=en_US

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-03-15T19:30:27.419Z

Updated: 2024-08-02T08:57:35.093Z

Reserved: 2024-02-26T17:58:17.863Z

Link: CVE-2023-7248

Vulnrichment

Updated: 2024-08-02T08:57:35.093Z

NVD

Status : Modified

Published: 2024-03-15T20:15:07.280

Modified: 2024-11-21T08:45:36.437

Link: CVE-2023-7248

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7248", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-02-26T17:58:17.863Z", "datePublished": "2024-03-15T19:30:27.419Z", "dateUpdated": "2024-08-02T08:57:35.093Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vertica Management Console", "vendor": "Opentext", "versions": [{"status": "affected", "version": "10.x"}, {"lessThanOrEqual": "11.1.1-24", "status": "affected", "version": "11.x", "versionType": "custom"}, {"lessThanOrEqual": "12.0.4-18", "status": "affected", "version": "12.x", "versionType": "custom"}]}], "datePublic": "2024-03-12T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. <br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\"><strong>The vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. </strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>This issue impacts the following Vertica Management Console versions:</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>10.x</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>11.1.1-24 or lower</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>12.0.4-18 or lower</strong></span>\n\n<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to one of the following Vertica Management Console versions:</span><br><span style=\"background-color: rgb(255, 255, 255);\">10.x to upgrade to latest versions from below.</span><br><span style=\"background-color: rgb(255, 255, 255);\">11.1.1-25</span><br><span style=\"background-color: rgb(255, 255, 255);\">12.0.4-19</span><br><span style=\"background-color: rgb(255, 255, 255);\">23.x</span><br><span style=\"background-color: rgb(255, 255, 255);\">24.x</span>\n\n</strong>\n\n<br><br>"}], "value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"}], "impacts": [{"capecId": "CAPEC-140", "descriptions": [{"lang": "en", "value": "CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-15T19:30:27.419Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000027542?language=en_US\">https://portal.microfocus.com/s/article/KM000027542?language=en_US</a><br><br>"}], "value": "\n https://portal.microfocus.com/s/article/KM000027542?language=en_US \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "OpenText Vertica Management console might be prone to bypass via crafted requests", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "vertica_management_console", "cpes": ["cpe:2.3:a:opentext:vertica_management_console:10.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.0", "status": "affected", "lessThan": "11.0", "versionType": "custom"}]}, {"vendor": "opentext", "product": "vertica_management_console", "cpes": ["cpe:2.3:a:opentext:vertica_management_console:11.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.0", "status": "affected", "lessThanOrEqual": "11.1.1-24", "versionType": "custom"}]}, {"vendor": "opentext", "product": "vertica_management_console", "cpes": ["cpe:2.3:a:opentext:vertica_management_console:12.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.0", "status": "affected", "lessThanOrEqual": "12.0.4-18", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-18T14:06:10.703241Z", "id": "CVE-2023-7248", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:48:47.101Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.093Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.093Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7248", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-18T14:06:10.703241Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:vertica_management_console:10.0:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "vertica_management_console", "versions": [{"status": "affected", "version": "10.0", "lessThan": "11.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:opentext:vertica_management_console:11.0:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "vertica_management_console", "versions": [{"status": "affected", "version": "11.0", "versionType": "custom", "lessThanOrEqual": "11.1.1-24"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:opentext:vertica_management_console:12.0:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "vertica_management_console", "versions": [{"status": "affected", "version": "12.0", "versionType": "custom", "lessThanOrEqual": "12.0.4-18"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:48:43.297Z"}}], "cna": {"title": "OpenText Vertica Management console might be prone to bypass via crafted requests", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-140", "descriptions": [{"lang": "en", "value": "CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Opentext", "product": "Vertica Management Console", "versions": [{"status": "affected", "version": "10.x"}, {"status": "affected", "version": "11.x", "versionType": "custom", "lessThanOrEqual": "11.1.1-24"}, {"status": "affected", "version": "12.x", "versionType": "custom", "lessThanOrEqual": "12.0.4-18"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\n https://portal.microfocus.com/s/article/KM000027542?language=en_US \n\n", "supportingMedia": [{"type": "text/html", "value": "<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000027542?language=en_US\">https://portal.microfocus.com/s/article/KM000027542?language=en_US</a><br><br>", "base64": false}]}], "datePublic": "2024-03-12T19:00:00.000Z", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. <br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\"><strong>The vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. </strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>This issue impacts the following Vertica Management Console versions:</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>10.x</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>11.1.1-24 or lower</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>12.0.4-18 or lower</strong></span>\n\n<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to one of the following Vertica Management Console versions:</span><br><span style=\"background-color: rgb(255, 255, 255);\">10.x to upgrade to latest versions from below.</span><br><span style=\"background-color: rgb(255, 255, 255);\">11.1.1-25</span><br><span style=\"background-color: rgb(255, 255, 255);\">12.0.4-19</span><br><span style=\"background-color: rgb(255, 255, 255);\">23.x</span><br><span style=\"background-color: rgb(255, 255, 255);\">24.x</span>\n\n</strong>\n\n<br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-15T19:30:27.419Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7248", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:57:35.093Z", "dateReserved": "2024-02-26T17:58:17.863Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-03-15T19:30:27.419Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "matchCriteriaId": "056D6A40-95C6-4FEA-91C9-B5C41AE254C4", "versionEndIncluding": "10.1.1-26", "versionStartIncluding": "10.0.0-0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "matchCriteriaId": "C15386AE-A142-4A50-9B64-276C2FC3E959", "versionEndExcluding": "11.1.1-25", "versionStartIncluding": "11.0.0-0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "matchCriteriaId": "84FC2248-AAC2-4994-BBB3-6705EAB9934B", "versionEndExcluding": "12.0.4-19", "versionStartIncluding": "12.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"}, {"lang": "es", "value": "Ciertas funciones en la consola de OpenText Vertica Management pueden ser propensas a omitirse mediante solicitudes manipuladas. La vulnerabilidad afectar\u00eda una de las funcionalidades de autenticaci\u00f3n de Vertica al permitir solicitudes y secuencias especialmente manipuladas. Este problema afecta las siguientes versiones de Vertica Management Console: 10.x 11.1.1-24 o anterior 12.0.4-18 o anterior Actualice a una de las siguientes versiones de Vertica Management Console: 10.x para actualizar a las \u00faltimas versiones desde abajo. 11.1.1-25 12.0.4-19 23.x 24.x"}], "id": "CVE-2023-7248", "lastModified": "2024-11-21T08:45:36.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-15T20:15:07.280", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}