PatchSiren

CVE-2016-8347 Kabona Ab CVE debrief

CVE-2016-8347 describes an authentication weakness in Kabona AB WebDatorCentral (WDC) prior to version 3.4.0. Because the application did not limit authentication attempts, it could allow brute-force login attacks against exposed WDC deployments.

Vendor: Kabona Ab
Product: CVE-2016-8347
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Organizations running Kabona AB WebDatorCentral, especially administrators of internet-facing or remotely reachable instances, should treat this as a high-priority authentication hardening issue.

Technical summary

NVD classifies the issue as CWE-287 (Improper Authentication) and rates it Critical with CVSS 3.0 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The published description states that WDC did not limit authentication attempts prior to version 3.4.0, which can enable brute-force attack methods against login workflows.

Defensive priority

High. Authentication controls are a core exposure point, and the published CVSS score indicates a network-reachable issue with no privileges or user interaction required.

Recommended defensive actions

  • Upgrade WebDatorCentral to version 3.4.0 or later, as the advisory states versions prior to 3.4.0 are affected.
  • Restrict exposure of WDC authentication interfaces to trusted networks where possible.
  • Add server-side rate limiting, temporary lockouts, and monitoring for repeated failed logins.
  • Review authentication logs for repeated failures or unusual login patterns.
  • Consider additional compensating controls such as MFA where supported by the deployment environment.
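
The rate-limiting and temporary-lockout action above, sketched as an added example (not code from Kabona AB, WDC, or the advisory). The names AttemptLimiter, login and verify are hypothetical, and the thresholds are assumed policy values, not figures from the CVE record.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for illustration; none of them come from the advisory.
MAX_FAILURES = 5        # failed attempts tolerated inside WINDOW_SECONDS
WINDOW_SECONDS = 300    # sliding window used to count failures
LOCKOUT_SECONDS = 900   # temporary lockout once the limit is reached


class AttemptLimiter:
    """Sliding-window failure counter with temporary lockout, per key."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)   # key -> failure timestamps
        self._locked_until = {}               # key -> time the lockout ends

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[key]       # lockout expired
            return False
        return True

    def record_failure(self, key):
        now = self._clock()
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                       # forget failures outside the window
        if len(q) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            q.clear()

    def record_success(self, key):
        self._failures.pop(key, None)


def login(limiter, username, source_ip, password, verify):
    """Enforce account and source limits before credentials are checked."""
    keys = (("user", username.lower()), ("ip", source_ip))
    if any(limiter.is_locked(k) for k in keys):
        return "locked"                       # refused without calling verify()
    if verify(username, password):
        limiter.record_success(keys[0])       # source counter is deliberately kept
        return "ok"
    for k in keys:
        limiter.record_failure(k)
    return "denied"
```

The lockout is temporary because a permanent per-account lock would let anyone who knows a username deny service to its owner; each "locked" and "denied" result should also be logged so the monitoring action above has data to work with.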

Evidence notes

Primary evidence comes from the NVD record for CVE-2016-8347, which describes the lack of authentication attempt limits in WDC prior to 3.4.0 and assigns CWE-287 with a Critical CVSS 3.0 vector. NVD references a U.S. government advisory (ICSA-16-287-07) and a SecurityFocus BID entry, supporting the public disclosure timeline. The CVE was published on 2017-02-13 and later modified on 2026-05-13; those dates are used here only as record timing context.

Official resources

Publicly disclosed through the NVD record on 2017-02-13, with related third-party references including a U.S. government advisory and SecurityFocus entry.