
CVE-2024-23687

Critical
Published: Fri Jan 19 2024 (01/19/2024, 21:15:18 UTC)
Source: CVE

Description

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

AI-Powered Analysis

Last updated: 07/08/2025, 08:25:03 UTC

Technical Analysis

CVE-2024-23687 is a critical vulnerability in the FOLIO mod-data-export-spring module, affecting versions before 1.5.4 and versions 2.0.0 through 2.0.2. The root cause is the presence of hard-coded credentials in the software. Because those credentials are embedded in the code, an unauthenticated attacker can bypass normal authentication and reach critical APIs, and from there modify user data, alter system configuration such as single-sign-on (SSO) settings, and manipulate fees and fines.

The weakness is classified as CWE-798 (use of hard-coded credentials), a well-known anti-pattern that removes the authentication boundary of any system that relies on the affected component. The CVSS v3.1 base score of 9.1 reflects that the attack vector is network-based (AV:N), no privileges are required (PR:N), no user interaction is needed (UI:N), and confidentiality and integrity are impacted at a high level (C:H/I:H), while availability is not affected (A:N). No exploits in the wild are currently reported, but exploitation is straightforward once the issue is known: an attacker does not need to guess or brute-force a password, because the credentials are fixed in the software itself.

FOLIO is an open-source library services platform widely used by libraries and related institutions; mod-data-export-spring is one of the components it relies on for managing data exports and integrations.

Potential Impact

For European organizations, particularly those in the library, academic, and cultural heritage sectors that run the FOLIO platform, this vulnerability poses a substantial risk. Unauthorized access to critical APIs can expose sensitive user data, including personally identifiable information (PII) of patrons and staff. Modification of user data and configuration can disrupt normal operations, leading to service outages or loss of trust in the system, and manipulation of fees and fines could result in financial fraud or loss of revenue. Unauthorized changes to single-sign-on configuration are especially dangerous, since they can open paths for further lateral movement within the organization's network and broaden the compromise. Because no authentication is required, the vulnerability can be exploited remotely over the network, which raises the likelihood of attacks against exposed systems. The impact therefore extends beyond data confidentiality and integrity to operational disruption and reputational damage, which can be particularly severe for public institutions and universities that depend on FOLIO for essential services.

Mitigation Recommendations

Immediate mitigation should focus on upgrading affected FOLIO mod-data-export-spring deployments to 1.5.4 or later, or to a version later than 2.0.2, in which the hard-coded credentials have been removed. Organizations should first audit their deployments to identify every instance running a vulnerable version. Until the upgrade is complete, network-level controls such as restricting access to the affected APIs through firewalls or VPNs reduce exposure, and strict network segmentation that isolates the FOLIO services from the public internet and other untrusted networks is advisable.

Organizations should also review and rotate any credentials or secrets that may have been exposed through this vulnerability, and enhance monitoring and logging of API access so that anomalous or unauthorized activity can be detected. Since the root cause is a hard-coded credential, a code review and security assessment of custom or third-party modules integrated with FOLIO is recommended to find similar issues. Finally, incident response plans specific to this vulnerability should be prepared so that any exploitation attempt can be contained and remediated quickly.
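As an added example for the audit step above (not code from this page or from the FOLIO project), the following Python flags mod-data-export-spring instances whose version falls in the affected ranges stated in the CVE description. It assumes module ids of the form `<name>-<major>.<minor>.<patch>[-prerelease]`, which is an assumption about naming rather than something the page states, and the sample inventory is constructed.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]
MODULE = "mod-data-export-spring"
# First fixed release per affected line, from the CVE text: "before 1.5.4"
# and "from 2.0.0 to 2.0.2" are affected, so 1.5.4 and 2.0.3 are the fixes.
FIRST_FIXED = {1: (1, 5, 4), 2: (2, 0, 3)}
# Assumption: module ids look like "<name>-<major>.<minor>.<patch>[-prerelease]".
_ID_RE = re.compile(r"^(?P<name>[a-z][a-z0-9-]*?)-(?P<ver>\d+\.\d+\.\d+)(?P<pre>-[0-9A-Za-z.]+)?$")


def parse_module_id(module_id: str) -> Optional[Tuple[str, Version, bool]]:
    """Split an id into (module name, numeric version, is_prerelease)."""
    m = _ID_RE.match(module_id.strip())
    if m is None:
        return None
    major, minor, patch = (int(p) for p in m.group("ver").split("."))
    return m.group("name"), (major, minor, patch), m.group("pre") is not None


def is_vulnerable(version: Version, prerelease: bool = False) -> bool:
    """True if this mod-data-export-spring version falls in an affected range."""
    if version[0] < 1:
        return True  # everything below 1.5.4 is affected
    fixed = FIRST_FIXED.get(version[0])
    if fixed is None:
        return False  # 3.x and later lie outside both stated ranges
    if version < fixed:
        return True
    # A pre-release build of the fix version predates the fix: treat as affected.
    return prerelease and version == fixed


def audit(module_ids: List[str]) -> List[str]:
    """Return the ids of mod-data-export-spring instances that need upgrading."""
    findings = []
    for mid in module_ids:
        parsed = parse_module_id(mid)
        if parsed is not None and parsed[0] == MODULE:
            if is_vulnerable(parsed[1], parsed[2]):
                findings.append(mid)
    return findings


# Constructed sample inventory, not real deployment data.
SAMPLE_MODULE_IDS = [
    "mod-users-19.2.0", "mod-data-export-1.0.0",
    "mod-data-export-spring-1.5.3", "mod-data-export-spring-1.5.4",
    "mod-data-export-spring-2.0.2", "mod-data-export-spring-2.0.3",
    "mod-data-export-spring-1.5.4-SNAPSHOT.7",
]
```

Running `audit(SAMPLE_MODULE_IDS)` returns the 1.5.3, 2.0.2 and 1.5.4-SNAPSHOT ids; the pre-release case is flagged on purpose because a snapshot of the fix version is not the fix.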


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2024-01-19T17:35:09.985Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682f6b520acd01a249264654

Added to database: 5/22/2025, 6:22:10 PM

Last enriched: 7/8/2025, 8:25:03 AM

Last updated: 8/1/2025, 5:31:47 PM
