CVE-2023-38335

Published: Jul 20, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

Affected (1)

Products: Omnis: Studio

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Omnis Studio	Version 10.22.00

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (8)

http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jul/41

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/43

Source: cve@mitre.org

Not Applicable

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jul/41

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/43

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.