CVE-2023-38334
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-14 CVE Reserved
- 2023-07-20 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2023/Jul/43 | Mailing List |
|
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html | 2024-08-02 | |
| http://seclists.org/fulldisclosure/2023/Jul/42 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|