CVE-2023-38335

Опубликовано: 20 июл. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

Ссылки

http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jul/41
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/43
Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt
Third Party Advisory
http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jul/41
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/43
Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:omnis:studio:10.22.00:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-276

Связанные уязвимости

GHSA-4x48-qpw5-qpgr