CVE-2023-35154

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jun 23, 2023

Updated: Jul 3, 2023

CWE ID 287

Summary

CVE-2023-35154 is a vulnerability affecting the Knowage open source analytics and business intelligence suite. Prior to version 8.1.8, an attacker was able to register and activate an account without clicking on a confirmation link, granting them access as a regular user. This issue posed a significant security risk, as it bypassed the intended verification process. The vulnerability has since been addressed in version 8.1.8.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Eng Knowage

Affected Vendors

Eng.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rwP7EP
https://www.cve.org/CVERecord?id=CVE-2023-35154
https://nvd.nist.gov/vuln/detail/CVE-2023-35154

Back to Vulnerability Database