CVE-2024-8969

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators...

CVE-2024-8969 The SYSCOM Group OMFLOW - Exposure of Sensitive Data

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators...

CVE-2024-8969 The SYSCOM Group OMFLOW - Exposure of Sensitive Data

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators...

CVE-2024-8779

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8778

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files...

CVE-2024-8777

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...

CVE-2024-8780 The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users...

CVE-2024-8780 The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users...

CVE-2024-8780

The CVE-2024-8780 issue affects OMFLOW from The SYSCOM Group, where the data query function does not properly restrict the query range. This root cause allows remote attackers with regular privileges (network access, low privilege) to obtain accounts and password hashes of other users, as stated ...

CVE-2024-8779 The SYSCOM Group OMFLOW - Broken Access Control

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8779 The SYSCOM Group OMFLOW - Broken Access Control

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8778 The SYSCOM Group OMFLOW - Arbitrary File Read

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files...

CVE-2024-8778 The SYSCOM Group OMFLOW - Arbitrary File Read

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files...

CVE-2024-8777 The SYSCOM Group OMFLOW - Information Leakage

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...

CVE-2024-8777 The SYSCOM Group OMFLOW - Information Leakage

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...

PT-2024-39244 · Syscom · Omflow

Name of the Vulnerable Software and Affected Versions: OMFLOW from The SYSCOM Group affected versions not specified Description: The issue is related to the download functionality in OMFLOW, which does not properly validate user input. This allows remote attackers with regular privileges to read...

PT-2024-39245 · Syscom · Omflow

Name of the Vulnerable Software and Affected Versions: OMFLOW from The SYSCOM Group affected versions not specified Description: The issue allows remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the...