exploitDog

CVE-2024-8779

Опубликовано: 16 сент. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server.

Ссылки

https://www.twcert.org.tw/en/cp-139-8076-6ade0-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8075-a0d06-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:syscomgo:omflow:*:*:*:*:*:*:*:*

Версия от 1.1.6.0 (включая) до 1.2.1.3 (исключая)

EPSS

Процентиль: 68%

0.00557

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-g5x5-v9cp-7w65

CVSS3: 8.8

github

больше 1 года назад

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server.

EPSS

Процентиль: 68%

0.00557

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other