CVE-2023-38422

Walchem Intuition Missing Authentication for Critical Function

CVSS 7.5 HIGH · EPSS 0.5% · CWE-306
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5 · EPSS 0.5% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
23 Aug 2023 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Walchem · Intuition 9