Vulnerabilities (CVE)

Filtered by vendor Openmicroscopy Subscribe
Filtered by product Omero.server
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9944 1 Openmicroscopy 1 Omero.server 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames.
CVE-2019-9943 1 Openmicroscopy 1 Omero.server 2024-11-21 5.0 MEDIUM 7.5 HIGH
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.
CVE-2019-16244 1 Openmicroscopy 1 Omero.server 2024-11-21 7.5 HIGH 9.8 CRITICAL
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query.