CVE-2024-8777

Published: Sep 16, 2024Modified: Sep 20, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: twcert@cert.org.tw (Secondary)

Description

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.

Affected (1)

Products: Syscomgo: Omflow

Syscomgo

1 product

Omflow

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Syscomgo Omflow	From 1.1.6.0 to 1.2.1.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.twcert.org.tw/en/cp-139-8072-928a5-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8071-46589-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.