27 matches found
Object First 安全特征问题特征问题漏洞
Object First is a Veeam best-of-breed storage solution from Object First. A security signature issue vulnerability exists in Object First version 1.0.7.712, which stems from the use of an insecure RNG in the command that creates URLs for support packages, which could allow an attacker to access...
PT-2022-27315 · Firstobject · Object First Ootbi Beta
Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG,...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
CVE-2022-44796
CVE-2022-44796 concerns Object First Ootbi BETA. Affected versions: 1.0.7.712 (and up to 1.0.13.1610 per PT-2022-27316) with an authorization flow that allows access to the Web UI without credentials. The root cause is a JWT signing key generated by a function that does not produce cryptographica...
Object First 安全特征问题特征问题漏洞
Object First is a Veeam best-of-breed storage solution from Object First. A security feature issue vulnerability exists in Object First version 1.0.7.712, which stems from JWT tokens using keys generated by functions that do not produce cryptographically strong sequences, which can be predicted b...
CVE-2022-44795
CVE-2022-44795 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610 (fixed in 1.0.13.1611). The root cause is an insecure RNG used to create the URL for the support bundle, which could allow an attacker with credentials to predict the URL and access system logs, resulting in lo...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...