Vulnerability Description
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openmicroscopy | Omero | >= 5.4.0, <= 5.4.6 |
Related Weaknesses (CWE)
References
- https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.htmlPatchVendor Advisory
- https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-passwordVendor Advisory
- https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.htmlPatchVendor Advisory
- https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-passwordVendor Advisory
FAQ
What is CVE-2018-1000634?
CVE-2018-1000634 is a vulnerability with a CVSS score of 7.2 (HIGH). The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restricti...
How severe is CVE-2018-1000634?
CVE-2018-1000634 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000634?
Check the references section above for vendor advisories and patch information. Affected products include: Openmicroscopy Omero.