Lucene search

K
vulnrichmentMitreVULNRICHMENT:CVE-2023-38335
HistoryJul 20, 2023 - 12:00 a.m.

CVE-2023-38335

2023-07-2000:00:00
mitre
github.com
1
omnis studio
access control
irreversible operation

AI Score

6.8

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries “always private” - this is supposed to be an irreversible operation. However, due to implementation issues, “always private” Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an “irreversible operation”.

AI Score

6.8

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

Related for VULNRICHMENT:CVE-2023-38335