← Volver a CVEs
CVE-2023-38334
MEDIUM6.5
Descripcion
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/20/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
omnis:studio
Debilidades (CWE)
CWE-276
Referencias
http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html(cve@mitre.org)
http://seclists.org/fulldisclosure/2023/Jul/42(cve@mitre.org)
http://seclists.org/fulldisclosure/2023/Jul/43(cve@mitre.org)
http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/42(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/43(af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.