7 matches found
CVE-2018-1000633
The vulnerability CVE-2018-1000633 affects Open Microscopy Environment OMERO.web prior to version 5.4.7. It exposes user passwords through log files created during login and password-change forms, enabling an attacker to read web server logs and potentially log in as the affected user. The issue ...
CVE-2017-1000438
CVE-2017-1000438 concerns OMERO 5.3.3 and earlier, where a user could create an OriginalFile and adjust its path to point to another user’s file on the underlying filesystem, allowing manipulation of that user’s data. The root cause is improper handling of file paths for OriginalFile records, ena...
CVE-2018-1000634
The vulnerability CVE-2018-1000634 affects Open Microscopy Environment OMERO.server versions 5.4.0–5.4.6. It is an Improper Access Control flaw in User management that can allow an administrative user with restricted privileges to log in as a more powerful administrator. The attack is described a...
CVE-2014-7198
CVE-2014-7198 affects OMERO prior to 5.0.6, where the web interface framework lacks CSRF protection, enabling multiple CSRF vulnerabilities. The root cause is missing CSRF protection in the OMERO web UI, exposing actions initiated by forged requests to potentially impact confidentiality, integrit...
CVE-2020-6752
CVE-2020-6752 affects OMERO.server prior to 5.6.1. According to the connected CNVD entries, group owners can access members’ data in other groups, revealing an information-disclosure risk due to a pre-5.6.1 access-control issue. The vulnerability is described across sources as existing in OMERO.s...
CVE-2018-1000635
The Open Microscopy Environment OMERO.server (versions 5.4.0–5.4.6) contains an information exposure vulnerability in which data sent by the server can disclose sensitive information, enabling an attacker to gain full administrative access and potentially disable the server. The issue is stated t...
CVE-2019-16245
The CVE affects OMERO server prior to version 5.6.1, where per-user details are inadvertently exposed to all users. The underlying issue is an information-disclosure flaw in OMERO.server (before 5.6.1). Exploitation would reveal user-specific details to unauthorized users. Remediation per public ...