CVE-2023-38422

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 23, 2023

Updated: Sep 5, 2023

CWE ID 306

Summary

CVE-2023-38422: Walchem Intuition 9's management web server API lacks authentication in certain routes, prior to version 4.21. This vulnerability exposes sensitive data to potential attackers, enabling them to download and export it without proper authorization. This oversight could lead to significant data breaches if not mitigated promptly. Organizations running affected versions should update their firmware or implement alternative security measures to protect their data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sCdDPE
https://www.cve.org/CVERecord?id=CVE-2023-38422
https://nvd.nist.gov/vuln/detail/CVE-2023-38422

Back to Vulnerability Database

CVE-2023-38422

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations