Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38334

Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."

Published

2023-07-20T18:15:12.170

Last Modified

2024-11-21T08:13:21.303

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-Other
Type: Secondary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	omnis	studio	10.22.00	Yes

References

http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2023/Jul/42 Exploit, Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2023/Jul/43 Not Applicable ([email protected])
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/42 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/43 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)