CVE-2023-38422
Walchem Intuition Missing Authentication for Critical Function
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Walchem · Intuition 9