Vulnerability Description
Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omnis | Studio | 10.22.00 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-SettinExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2023/Jul/41ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/43Not Applicable
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.tThird Party Advisory
- http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-SettinExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2023/Jul/41ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/43Not Applicable
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.tThird Party Advisory
FAQ
What is CVE-2023-38335?
CVE-2023-38335 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementati...
How severe is CVE-2023-38335?
CVE-2023-38335 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38335?
Check the references section above for vendor advisories and patch information. Affected products include: Omnis Studio.