PT-2024-16185 · Openbi · Openbi
Glzjin · Published 2024-01-30 · Updated 2024-05-17 · CVE-2024-1032
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
openBI versions up to 1.0.8
Description
A critical issue was found in the testConnection function of the /application/index/controller/Databasesource.php file, part of the Test Connection Handler component. This issue leads to deserialization and can be exploited remotely.
Recommendations
For openBI versions up to 1.0.8, as a temporary workaround, consider disabling the testConnection function until a patch is available. Restrict access to the Test Connection Handler component to minimize the risk of exploitation.
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Openbi