CVE-2024-8777
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The SYSCOM Group | OMFLOW | 1.1.6.0 <= 1.2.1.2 | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-8071-46589-1.html
- https://www.twcert.org.tw/en/cp-139-8072-928a5-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.