← Back to CVEs

CVE-2023-38334

MEDIUM

6.5

Description

Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."

CVE Details

CVSS v3.1 Score6.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published7/20/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

omnis:studio

Weaknesses (CWE)

CWE-276

References

http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html(cve@mitre.org)

http://seclists.org/fulldisclosure/2023/Jul/42(cve@mitre.org)

http://seclists.org/fulldisclosure/2023/Jul/43(cve@mitre.org)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt(cve@mitre.org)

http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2023/Jul/42(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2023/Jul/43(af854a3a-2127-422b-91ae-364da2661108)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.