CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
AI Analysis
Technical Summary
CVE-2024-23687 is a severe vulnerability in mod-data-export-spring, the FOLIO module that manages data-export jobs, affecting versions before 1.5.4 and versions 2.0.0 through 2.0.2. The root cause is a hard-coded credential (CWE-798) embedded in the module. FOLIO is open source, so a credential that ships in the code is effectively public: anyone who can reach the Okapi gateway can present it and bypass authentication entirely, without knowing any tenant user's password. According to the advisory text this grants access to critical APIs, allowing an attacker to modify user data, alter configuration including single-sign-on (SSO) settings, and manipulate fees and fines. The CVSS 3.1 base score of 9.1 corresponds to an attack that is reachable over the network, low in complexity, and needs no privileges or user interaction, with high impact on confidentiality and integrity and no direct impact on availability. No active exploitation has been reported, but exploitation requires nothing beyond the credential and network access to the affected APIs, so the bar is low. FOLIO is a library services platform used by academic, public, and research libraries, including many in Europe. The advisory lists no patch links, but the affected-version range implies that 1.5.4 is the first fixed release on the 1.x line and 2.0.3 on the 2.x line; confirm this against the FOLIO release notes before relying on it.
Potential Impact
For European organizations, particularly libraries, universities, and research institutions relying on FOLIO mod-data-export-spring, this vulnerability could lead to unauthorized disclosure and modification of sensitive user information, including personal data and account details. Attackers could manipulate system configurations, potentially disabling or altering single-sign-on mechanisms, which may facilitate further unauthorized access across integrated systems. The ability to alter fees and fines could result in financial fraud or disruption of administrative processes. Given the unauthenticated nature of the exploit, attackers could gain access without any prior credentials, increasing the risk of widespread abuse. This could undermine trust in digital services, lead to regulatory non-compliance under GDPR due to data breaches, and cause operational disruptions. The impact is particularly critical for institutions with large user bases and integrated authentication systems, as the compromise could cascade across multiple services.
Mitigation Recommendations
Organizations should first determine whether they run an affected release of mod-data-export-spring (any version before 1.5.4, or 2.0.0 through 2.0.2); on FOLIO this is visible in the module list that Okapi reports for each tenant. The affected-version range implies that 1.5.4 and 2.0.3 are the first fixed releases on their respective lines, so upgrading to those or later is the remediation. A hard-coded credential cannot be rotated through configuration, so no setting change substitutes for the upgrade. Until the upgrade is done, reduce exposure: FOLIO back-end modules should be reachable only through the Okapi gateway, and Okapi itself should accept traffic only from trusted networks or IP ranges, so that the hard-coded credential cannot be presented from the internet. Monitor Okapi and module access logs for authentication events and API calls that do not correspond to a known user or service, and for changes to user records, configuration entries (especially single-sign-on settings), and fees/fines. Baseline the current SSO and other configuration so that an unauthorized change can be recognized; disabling SSO would not block the attack path, since SSO configuration is a target of the attack rather than its vector. Rotate any other secrets that the module, or an attacker using its credential, could have read; review audit trails of user data and configuration changes for unauthorized modifications; follow FOLIO community and maintainer guidance; and make sure incident response plans cover this scenario.
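The version check from the first recommendation, as an added example that is not FOLIO or Okapi project code: it reads the module list that Okapi returns for a tenant, which uses the name-version module ID convention, and reports whether the enabled mod-data-export-spring release falls in either affected range. The sample response below is constructed, not captured from a real system, and the fixed floors 1.5.4 and 2.0.3 are inferred from the affected range rather than stated by the advisory.

```python
"""Check a FOLIO tenant's enabled modules for a CVE-2024-23687-affected
mod-data-export-spring release.

Added example, not FOLIO or Okapi project code. Affected ranges come from
the advisory text (< 1.5.4, and 2.0.0 through 2.0.2); the fixed floors
1.5.4 and 2.0.3 are inferred from that range.
"""
import json
import re
from typing import List, Optional, Tuple

MODULE_NAME = "mod-data-export-spring"

# Okapi module IDs follow "<name>-<major>.<minor>.<patch>" with an optional
# pre-release/build suffix, e.g. "mod-data-export-spring-1.5.3" or
# "mod-data-export-spring-2.0.3-SNAPSHOT.12". Name segments start with a
# letter and the version starts with a digit, so the split is unambiguous.
_MODULE_ID_RE = re.compile(
    r"^(?P<name>[a-z][a-z0-9_]*(?:-[a-z][a-z0-9_]*)*)"
    r"-(?P<ver>\d+\.\d+\.\d+)"
    r"(?:-(?P<pre>[0-9A-Za-z.-]+))?$"
)

# (major, minor, patch, 0 for pre-release / 1 for final release)
Key = Tuple[int, int, int, int]


def version_key(ver: str, prerelease: bool) -> Key:
    """Sortable key that orders a pre-release before the final release."""
    major, minor, patch = (int(p) for p in ver.split("."))
    return (major, minor, patch, 0 if prerelease else 1)


# Half-open ranges [lo, hi): everything below 1.5.4, and 2.0.0 up to but not
# including 2.0.3. A pre-release of a fixed version (e.g. 1.5.4-SNAPSHOT)
# sorts below the final release and is therefore treated as affected.
AFFECTED_RANGES = [
    ((0, 0, 0, 0), version_key("1.5.4", prerelease=False)),
    ((2, 0, 0, 0), version_key("2.0.3", prerelease=False)),
]


def is_affected(key: Key) -> bool:
    return any(lo <= key < hi for lo, hi in AFFECTED_RANGES)


def is_affected_version(version_string: str) -> bool:
    """Accepts strings such as "1.5.3" or "2.0.3-SNAPSHOT.4"."""
    base, _, pre = version_string.partition("-")
    return is_affected(version_key(base, prerelease=bool(pre)))


def parse_module_id(module_id: str) -> Optional[Tuple[str, Key, str]]:
    """Split an Okapi module ID into (name, sort key, version string)."""
    m = _MODULE_ID_RE.match(module_id)
    if m is None:
        return None
    pre = m.group("pre")
    ver_str = m.group("ver") + ("-" + pre if pre else "")
    return m.group("name"), version_key(m.group("ver"), pre is not None), ver_str


def audit_tenant_modules(okapi_modules_json: str) -> List[dict]:
    """Take the JSON body of Okapi's GET /_/proxy/tenants/{tenant}/modules
    (a list of {"id": "<name>-<version>"} objects) and report every enabled
    mod-data-export-spring instance with its affected status."""
    findings = []
    for entry in json.loads(okapi_modules_json):
        parsed = parse_module_id(entry.get("id", ""))
        if parsed is None:
            continue  # not in name-version form; nothing to compare
        name, key, ver_str = parsed
        if name != MODULE_NAME:  # exact match: mod-data-export is a different module
            continue
        findings.append({"id": entry["id"], "version": ver_str, "affected": is_affected(key)})
    return findings


# Constructed sample response; not captured from a real Okapi instance.
SAMPLE_OKAPI_RESPONSE = json.dumps([
    {"id": "mod-users-19.1.0"},
    {"id": "mod-configuration-5.9.2"},
    {"id": "mod-data-export-spring-1.5.3"},
    {"id": "mod-data-export-1.5.3"},
    {"id": "okapi-5.1.2"},
])

if __name__ == "__main__":
    for finding in audit_tenant_modules(SAMPLE_OKAPI_RESPONSE):
        status = "AFFECTED, upgrade" if finding["affected"] else "not affected"
        print(f"{finding['id']}: {status}")
```

Run it against the module list for each tenant, since FOLIO enables modules per tenant and one Okapi instance can serve several. A pre-release build of a fixed version, such as 1.5.4-SNAPSHOT, is reported as affected because it predates the fix; treat that as a prompt to confirm the build rather than as proof of exposure.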
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Finland, Denmark, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2024-01-19T17:35:09.985Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682f6b520acd01a249264654
Added to database: 5/22/2025, 6:22:10 PM
Last enriched: 11/29/2025, 4:06:40 AM
Last updated: 12/1/2025, 4:54:41 AM