Lucene search

TwcertCVE-2024-8780

HistorySep 16, 2024 - 6:15 a.m.

CVE-2024-8780

2024-09-1606:15:12

CWE-200

twcert

web.nvd.nist.gov

omflow

syscom group

data query

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

Affected configurations

Nvd

Node

syscomgoomflowRange≤1.2.1.3

VendorProductVersionCPE
syscomgoomflow*cpe:2.3:a:syscomgo:omflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
syscomgo	omflow	*	cpe:2.3:a:syscomgo:omflow::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OMFLOW",
    "vendor": "The SYSCOM Group",
    "versions": [
      {
        "lessThanOrEqual": "1.2.1.2",
        "status": "affected",
        "version": "1.1.6.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/en/cp-139-8078-36fc9-2.html

www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

Related for CVE-2024-8780