
Enterprise data security vendor Stormshield reports on critical cloud vulnerabilities

IT/OT security specialist Stormshield has reported a new cloud-marketplace critical vulnerability, outlined by the US NIST National Vulnerability Database as CVE-2023-49103.

According to Stormshield customer security lab researcher Pierre-Olivier Kaplan, CVE-2023-49103 affects ownCloud servers through the graphapi app, versions 0.2.0-0.3.0.

“This vulnerability has a CVSS 3.1 score of 10, the highest possible. This flaw allows an attacker, remotely and without any authentication, to read a phpinfo file that contains much sensitive information about the local environment,” warned Kaplan.

This potentially included configuration details and user information. On containerised deployments, the situation is “even worse”, according to Kaplan, as the exposed data also includes the ownCloud admin password, mail server credentials, database credentials, and licence key.

He added that network security offerings like its own are capable of detecting and blocking related exploits. Meanwhile, users should update ownCloud and graphapi.

The news follows Stormshield's integration of Bitdefender URL filtering, on the back of an extended partnership with the latter vendor announced in April 2023.

Stormshield offers solutions for data security in the enterprise as well as network and endpoint security for organisations through the channel.

Stormshield Data Security Enterprise (SDS Enterprise) boasts abilities to cover off data security requirements even for very large global organisations with internal and external employees across hundreds of offices all working together.

Data exchanges of staffers across storage, mobile devices and more can be traced and kept safe, minimising risk from negligence or information leakage.

“The loss or theft of critical information can all have a major impact on the company. However, this objective becomes rather more problematic in the case of an organisation based in several countries and having different local partners,” according to this Stormshield case study.

Data security should cover not only employee workstations but also external partners such as service providers, the vendor suggested, if there is to be “an effective and sovereign solution”.
