CVE-2024-8780

Published: Sep 16, 2024Modified: Sep 20, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: twcert@cert.org.tw (Secondary)

Description

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

Affected (1)

Products: Syscomgo: Omflow

Syscomgo

1 product

Omflow

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Syscomgo Omflow	Up to 1.2.1.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.twcert.org.tw/en/cp-139-8078-36fc9-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.