CVE-2024-8780

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.
Configurations

Configuration 1 (hide)

cpe:2.3:a:syscomgo:omflow:*:*:*:*:*:*:*:*

History

20 Sep 2024, 14:35

Type Values Removed Values Added
First Time Syscomgo omflow
Syscomgo
CPE cpe:2.3:a:syscomgo:omflow:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://www.twcert.org.tw/en/cp-139-8078-36fc9-2.html - () https://www.twcert.org.tw/en/cp-139-8078-36fc9-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html - () https://www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html - Third Party Advisory

16 Sep 2024, 15:30

Type Values Removed Values Added
Summary
  • (es) OMFLOW de The SYSCOM Group no restringe adecuadamente el rango de consulta de su funcionalidad de consulta de datos, lo que permite a atacantes remotos con privilegios regulares obtener cuentas y hashes de contraseñas de otros usuarios.

16 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-16 06:15

Updated : 2024-09-20 14:35


NVD link : CVE-2024-8780

Mitre link : CVE-2024-8780

CVE.ORG link : CVE-2024-8780


JSON object : View

Products Affected

syscomgo

  • omflow
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor