Sensitive Data Exposure Vulnerability Affects OMFLOW Users
CVE-2024-8969

6.5MEDIUM

Key Information:

Vendor: The Syscom Group
Status: Omflow
Vendor: CVE Published:; 18 September 2024

🔔 Create The Syscom Group Vulnerability Alert

What is CVE-2024-8969?

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators.

Affected Version(s)

OMFLOW 0 < 1.2.0

References

https://www.twcert.org.tw/tw/cp-132-8100-f6827-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8101-193d8-2.html

third-party-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Sep 18, 2024