← voltar
CVE-2023-38335

CVE-2023-38335

EPSS 1.1%CWE-276
Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.htmlhttp://seclists.org/fulldisclosure/2023/Jul/41http://seclists.org/fulldisclosure/2023/Jul/43https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt