CVE-2023-38334
MEDIUM 6.5
Description
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should no longer be possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
CVE Details
CVSS v3.1 Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 7/20/2023
Last Modified: 11/21/2024
Source: nvd
Honeypot Observations: 0
Affected Products
omnis:studio
Weaknesses (CWE)
CWE-276
References
http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html (cve@mitre.org)
http://seclists.org/fulldisclosure/2023/Jul/42 (cve@mitre.org)
http://seclists.org/fulldisclosure/2023/Jul/43 (cve@mitre.org)
http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/42 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/43 (af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.