Delphix Continuous Compliance Improper Access Control Vulnerability Allowing Database Access
Vulnerability
A vulnerability exists in Delphix Continuous Compliance and Containerized Masking releases prior to version 2025.2.0.1, where a valid, authenticated user with sufficient privileges can exploit the application's built-in Connector functionality to access the internal database. This access allows the user to navigate the database schema and export data, including details about Connecters and Rule Sets. The vulnerability arises from improper access control, enabling unauthorized database exploration and data extraction by privileged users who are knowledgeable about the application's internal database configurations.
Impact
Exploitation of this vulnerability could lead to unauthorized access to the internal database, allowing for exploration of the database schema and extraction of sensitive data, including properties of Connecters and Rule Sets.
Remediation
Users can upgrade to Delphix version 2025.2.0.1 or later to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.