1. Home
  2. CVE Database
  3. CVE-2022-44795
MEDIUM · 6.5

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the supp...

Vulnerability Description

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611. Important note - This vulnerability is related to the Object First Ootbi BETA version, which is not released for production and therefore has no impact on the production environment. The production-ready Object First Ootbi version will have this vulnerability fixed.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
ObjectfirstOotbi< 1.0.13.1611

Related Weaknesses (CWE)

CWE-330

References

FAQ

What is CVE-2022-44795?

CVE-2022-44795 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the supp...

How severe is CVE-2022-44795?

CVE-2022-44795 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-44795?

Check the references section above for vendor advisories and patch information. Affected products include: Objectfirst Ootbi.