Lucene search

[email protected]NVD:CVE-2024-8780

HistorySep 16, 2024 - 6:15 a.m.

CVE-2024-8780

2024-09-1606:15:12

CWE-200

[email protected]

web.nvd.nist.gov

omflow

data query

vulnerability

remote attackers

regular privileges

accounts

password hashes

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

Affected configurations

Nvd

Node

syscomgoomflowRange≤1.2.1.3

VendorProductVersionCPE
syscomgoomflow*cpe:2.3:a:syscomgo:omflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
syscomgo	omflow	*	cpe:2.3:a:syscomgo:omflow::::::::

References

www.twcert.org.tw/en/cp-139-8078-36fc9-2.html

www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Related for NVD:CVE-2024-8780

vulnrichment1 cvelist1 cve1