PT-2023-32048 · Field Logic · Field Logic Datacube4
Cv3Tr4Ck
·
Published
2023-10-02
·
Updated
2024-05-17
·
CVE-2023-5329
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Field Logic DataCube4 up to 20231001
Description
A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be used.
Recommendations
For Field Logic DataCube4 up to 20231001, consider restricting access to the /api/ endpoint until a fix is available. As a temporary workaround, review and strengthen authentication mechanisms to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Field Logic Datacube4