EDB Hybrid Manager gRPC Endpoint Access Vulnerability Allowing Data Exposure and Denial-of-Service
Vulnerability
A vulnerability in EDB Hybrid Manager allows unauthenticated access to certain gRPC endpoints, potentially leading to unauthorized data access or a denial-of-service condition by sending malformed data. This issue arises from a misconfiguration in the Istio Gateway, which failed to properly define authentication and authorization requirements for the affected endpoints, allowing requests to bypass these security measures. The vulnerability affects all versions of Hybrid Manager - LTS and Innovation, with a recommended upgrade to version 1.3.3 for LTS users and version 2025.12 for Innovation users.
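The root cause described above is an Istio Gateway that routed gRPC traffic without an authentication or authorization requirement attached to it. The following manifests are an added defender's example, not configuration from EDB or from the advisory, showing the pattern that closes that class of gap: a RequestAuthentication that validates JWTs on the ingress gateway, a deny-by-default AuthorizationPolicy on the same gateway, and a narrow ALLOW rule that admits only requests carrying an authenticated principal. The issuer, JWKS URL, gRPC service path and gateway labels are placeholders, not values taken from Hybrid Manager.

```yaml
# Added example (not from the advisory or the product). All hosts, paths and
# labels below are placeholders.
#
# Weak form (commented out): a RequestAuthentication on its own only rejects
# requests that present an INVALID token. A request with NO token is still
# forwarded to the backend, so a gRPC endpoint behind it stays reachable
# unauthenticated unless an AuthorizationPolicy also requires a principal.
#
# apiVersion: security.istio.io/v1
# kind: RequestAuthentication
# ... (jwtRules only, no AuthorizationPolicy)  <- insufficient on its own
---
# 1. Validate JWTs presented to the ingress gateway.
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: gateway-jwt
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway          # placeholder gateway label
  jwtRules:
  - issuer: "https://issuer.example.invalid"                     # placeholder
    jwksUri: "https://issuer.example.invalid/.well-known/jwks.json"  # placeholder
    forwardOriginalToken: true
---
# 2. Deny by default: an ALLOW policy with no rules matches nothing,
#    so every request to the selected gateway is rejected unless another
#    ALLOW policy explicitly admits it.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: gateway-default-deny
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  action: ALLOW
---
# 3. Admit gRPC calls only when the request carries a principal that
#    RequestAuthentication actually validated. "*" requires *some*
#    authenticated principal; tighten to "<issuer>/<subject>" for specific
#    service identities. gRPC methods appear on the wire as HTTP/2 paths
#    of the form /<package>.<Service>/<Method>.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: gateway-grpc-authenticated-only
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  action: ALLOW
  rules:
  - from:
    - source:
        requestPrincipals: ["*"]
    to:
    - operation:
        paths: ["/example.hm.SomeService/*"]   # placeholder gRPC service path
        methods: ["POST"]                      # gRPC always uses POST
```

A quick review check after applying policies like these: `kubectl get authorizationpolicies,requestauthentications -A` should show a deny-by-default policy on every gateway that fronts internal gRPC services, and an unauthenticated gRPC call through the gateway should now be rejected with an RBAC denial rather than reaching the backend. Exposed endpoints that accept attacker-shaped input before any identity check are exactly the path to both the data-exposure and the malformed-input denial-of-service outcomes the advisory describes, so the authorization requirement belongs at the gateway, not only in application code.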
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive data or a denial-of-service condition by disrupting normal operations through the introduction of malformed data.
Remediation
Users of EDB Hybrid Manager - LTS should upgrade to version 1.3.3, while users of Hybrid Manager - Innovation should upgrade to version 2025.12.
