CVE-2024-8778

Summary

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
The SYSCOM GroupOMFLOW1.1.6.0 <= 1.2.1.2affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References