{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7248", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-02-26T17:58:17.863Z", "datePublished": "2024-03-15T19:30:27.419Z", "dateUpdated": "2024-08-02T08:57:35.093Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vertica Management Console", "vendor": "Opentext", "versions": [{"status": "affected", "version": "10.x"}, {"lessThanOrEqual": "11.1.1-24", "status": "affected", "version": "11.x", "versionType": "custom"}, {"lessThanOrEqual": "12.0.4-18", "status": "affected", "version": "12.x", "versionType": "custom"}]}], "datePublic": "2024-03-12T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.&nbsp;<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\"><strong>The vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. </strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>This issue impacts the following Vertica Management Console versions:</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>10.x</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>11.1.1-24 or lower</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>12.0.4-18 or lower</strong></span>\n\n<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to one of the following Vertica Management Console versions:</span><br><span style=\"background-color: rgb(255, 255, 255);\">10.x to upgrade to latest versions from below.</span><br><span style=\"background-color: rgb(255, 255, 255);\">11.1.1-25</span><br><span style=\"background-color: rgb(255, 255, 255);\">12.0.4-19</span><br><span style=\"background-color: rgb(255, 255, 255);\">23.x</span><br><span style=\"background-color: rgb(255, 255, 255);\">24.x</span>\n\n</strong>\n\n<br><br>"}], "value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"}], "impacts": [{"capecId": "CAPEC-140", "descriptions": [{"lang": "en", "value": "CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-15T19:30:27.419Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000027542?language=en_US\">https://portal.microfocus.com/s/article/KM000027542?language=en_US</a><br><br>"}], "value": "\n https://portal.microfocus.com/s/article/KM000027542?language=en_US \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "OpenText Vertica Management console might be prone to bypass via crafted requests", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "vertica_management_console", "cpes": ["cpe:2.3:a:opentext:vertica_management_console:10.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.0", "status": "affected", "lessThan": "11.0", "versionType": "custom"}]}, {"vendor": "opentext", "product": "vertica_management_console", "cpes": ["cpe:2.3:a:opentext:vertica_management_console:11.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.0", "status": "affected", "lessThanOrEqual": "11.1.1-24", "versionType": "custom"}]}, {"vendor": "opentext", "product": "vertica_management_console", "cpes": ["cpe:2.3:a:opentext:vertica_management_console:12.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.0", "status": "affected", "lessThanOrEqual": "12.0.4-18", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-18T14:06:10.703241Z", "id": "CVE-2023-7248", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:48:47.101Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.093Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.093Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7248", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-18T14:06:10.703241Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:vertica_management_console:10.0:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "vertica_management_console", "versions": [{"status": "affected", "version": "10.0", "lessThan": "11.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:opentext:vertica_management_console:11.0:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "vertica_management_console", "versions": [{"status": "affected", "version": "11.0", "versionType": "custom", "lessThanOrEqual": "11.1.1-24"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:opentext:vertica_management_console:12.0:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "vertica_management_console", "versions": [{"status": "affected", "version": "12.0", "versionType": "custom", "lessThanOrEqual": "12.0.4-18"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:48:43.297Z"}}], "cna": {"title": "OpenText Vertica Management console might be prone to bypass via crafted requests", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-140", "descriptions": [{"lang": "en", "value": "CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Opentext", "product": "Vertica Management Console", "versions": [{"status": "affected", "version": "10.x"}, {"status": "affected", "version": "11.x", "versionType": "custom", "lessThanOrEqual": "11.1.1-24"}, {"status": "affected", "version": "12.x", "versionType": "custom", "lessThanOrEqual": "12.0.4-18"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\n https://portal.microfocus.com/s/article/KM000027542?language=en_US \n\n", "supportingMedia": [{"type": "text/html", "value": "<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000027542?language=en_US\">https://portal.microfocus.com/s/article/KM000027542?language=en_US</a><br><br>", "base64": false}]}], "datePublic": "2024-03-12T19:00:00.000Z", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.&nbsp;<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\"><strong>The vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. </strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>This issue impacts the following Vertica Management Console versions:</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>10.x</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>11.1.1-24 or lower</strong></span><br><span style=\"background-color: rgb(255, 255, 255);\"><strong>12.0.4-18 or lower</strong></span>\n\n<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to one of the following Vertica Management Console versions:</span><br><span style=\"background-color: rgb(255, 255, 255);\">10.x to upgrade to latest versions from below.</span><br><span style=\"background-color: rgb(255, 255, 255);\">11.1.1-25</span><br><span style=\"background-color: rgb(255, 255, 255);\">12.0.4-19</span><br><span style=\"background-color: rgb(255, 255, 255);\">23.x</span><br><span style=\"background-color: rgb(255, 255, 255);\">24.x</span>\n\n</strong>\n\n<br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-15T19:30:27.419Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7248", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:57:35.093Z", "dateReserved": "2024-02-26T17:58:17.863Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-03-15T19:30:27.419Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "matchCriteriaId": "056D6A40-95C6-4FEA-91C9-B5C41AE254C4", "versionEndIncluding": "10.1.1-26", "versionStartIncluding": "10.0.0-0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "matchCriteriaId": "C15386AE-A142-4A50-9B64-276C2FC3E959", "versionEndExcluding": "11.1.1-25", "versionStartIncluding": "11.0.0-0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*", "matchCriteriaId": "84FC2248-AAC2-4994-BBB3-6705EAB9934B", "versionEndExcluding": "12.0.4-19", "versionStartIncluding": "12.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"}, {"lang": "es", "value": "Ciertas funciones en la consola de OpenText Vertica Management pueden ser propensas a omitirse mediante solicitudes manipuladas. La vulnerabilidad afectar\u00eda una de las funcionalidades de autenticaci\u00f3n de Vertica al permitir solicitudes y secuencias especialmente manipuladas. Este problema afecta las siguientes versiones de Vertica Management Console: 10.x 11.1.1-24 o anterior 12.0.4-18 o anterior Actualice a una de las siguientes versiones de Vertica Management Console: 10.x para actualizar a las \u00faltimas versiones desde abajo. 11.1.1-25 12.0.4-19 23.x 24.x"}], "id": "CVE-2023-7248", "lastModified": "2024-11-21T08:45:36.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-15T20:15:07.280", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}