PT-2024-15249 · Opentext · Opentext Vertica Management Console
Published: 2024-03-15 · Updated: 2024-07-26 · CVE-2023-7248
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenText Vertica Management Console versions 10.x
OpenText Vertica Management Console versions 11.1.1-24 or lower
OpenText Vertica Management Console versions 12.0.4-18 or lower
Description
The issue affects one of Vertica's authentication functionalities: specially crafted requests and sequences can bypass certain functionality in the OpenText Vertica Management Console.
Recommendations
For OpenText Vertica Management Console versions 10.x, upgrade to the latest version.
For OpenText Vertica Management Console versions 11.1.1-24 or lower, upgrade to version 11.1.1-25.
For OpenText Vertica Management Console versions 12.0.4-18 or lower, upgrade to version 12.0.4-19.
Alternatively, consider upgrading to versions 23.x or 24.x.
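The affected ranges and fixed builds above can be checked across an inventory with a short script. This is an added example, not vendor code; it assumes version strings have the form major.minor.patch-hotfix as written in this advisory, and the host names and versions in the sample inventory are constructed.

```python
import re

# Affected ceilings and fixed builds copied from the advisory text.
# Assumption: versions look like "major.minor.patch-hotfix" (e.g. "12.0.4-18").
FIXES = {
    11: ((11, 1, 1, 24), "11.1.1-25"),
    12: ((12, 0, 4, 18), "12.0.4-19"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, hotfix); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(version_text):
    """Classify one Management Console version against PT-2024-15249."""
    version = parse_version(version_text)
    major = version[0]
    if major == 10:
        # The advisory lists every 10.x build as affected.
        return ("affected", "upgrade to the latest version")
    if major in FIXES:
        ceiling, fixed = FIXES[major]
        if version <= ceiling:  # tuple comparison also orders the hotfix number
            return ("affected", f"upgrade to {fixed}, or to 23.x / 24.x")
    # Anything else (fixed builds, 23.x, 24.x, other branches) is not
    # listed as affected in the advisory.
    return ("not listed as affected", None)


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {"mc-a": "10.1.1-3", "mc-b": "11.1.1-24",
                 "mc-c": "12.0.4-19", "mc-d": "24.1.0-0"}
    for host, ver in inventory.items():
        status, action = triage(ver)
        print(f"{host:6} {ver:10} {status}" + (f" -> {action}" if action else ""))
```

A version string without a hotfix suffix is treated as hotfix 0, so it is reported as affected whenever its branch build is at or below the listed ceiling.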
Fix
RCE
Affected Products
Opentext Vertica Management Console