3 matches found
CVE-2022-44796
CVE-2022-44796 concerns Object First Ootbi BETA. Affected versions are 1.0.7.712 (and up to 1.0.13.1610 per PT-2022-27316), in which the authorization flow allows access to the Web UI without credentials. The root cause is a JWT signing key generated by a function that does not produce cryptographica...
CVE-2022-44794
CVE-2022-44794 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610. The root cause is an input validation flaw in the hostname-setting command within the management protocol, allowing a remote attacker with credentials to pass arbitrary data to Bash, enabling arbitrary code ex...
CVE-2022-44795
CVE-2022-44795 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610 (fixed in 1.0.13.1611). The root cause is an insecure RNG used to create the URL for the support bundle, which could allow an attacker with credentials to predict the URL and access system logs, resulting in lo...