CVE-2023-1656

Name of the Vulnerable Software and Affected Versions OpenIDM and Java Remote Connector Server (RCS) versions 1.5.20.9 through 1.5.20.13

Description The issue is related to the cleartext transmission of sensitive information, which can allow remote services to access protected information with stolen credentials. This is due to a lack of protection for transmitted data in the LDAP connector of the Java Remote Connector Server (RCS) and the OpenIDM system.

Recommendations For versions 1.5.20.9 through 1.5.20.13, consider disabling the LDAP connector until a patch is available to prevent exploitation. Restrict access to remote services to minimize the risk of unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.