exploitDog

CVE-2024-8780

Опубликовано: 16 сент. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

Ссылки

https://www.twcert.org.tw/en/cp-139-8078-36fc9-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:syscomgo:omflow:*:*:*:*:*:*:*:*

Версия до 1.2.1.3 (включая)

EPSS

Процентиль: 36%

0.00152

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-chwm-h2rg-vxxf

CVSS3: 6.5

github

больше 1 года назад

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

EPSS

Процентиль: 36%

0.00152

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo