Vulnerability Description
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Newgensoft | Omnidocs | All versions |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2011/Sep/283
- http://securityreason.com/securityalert/8394
- http://www.exploit-db.com/exploits/17897
- http://seclists.org/fulldisclosure/2011/Sep/283
- http://securityreason.com/securityalert/8394
- http://www.exploit-db.com/exploits/17897
FAQ
What is CVE-2011-3645?
CVE-2011-3645 is a vulnerability with a CVSS score of 7.5 (HIGH). Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a mo...
How severe is CVE-2011-3645?
CVE-2011-3645 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3645?
Check the references section above for vendor advisories and patch information. Affected products include: Newgensoft Omnidocs.