Unauthorized Remote Access to System Configurations via Information Leakage Vulnerability

CVE-2024-8777

7.5HIGH

Key Information

Vendor: The Syscom Group
Status: Omflow
Vendor: CVE Published:; 16 September 2024

Summary

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.

Affected Version(s)

OMFLOW <= 1.2.1.2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 16, 2024
Vulnerability Reserved.
Sep 13, 2024

Collectors

NVD DatabaseMitre Database