← volver
CVE-2023-38334

CVE-2023-38334

EPSS 0.8%CWE-276
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
20 jul 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.htmlhttp://seclists.org/fulldisclosure/2023/Jul/42http://seclists.org/fulldisclosure/2023/Jul/43https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt