CVE-2024-8777 HIGH

CVE-2024-8777: The SYSCOM Group OMFLOW - Information Leakage

Vendor The Syscom Group

Product OMFLOW

Weakness CWE-200 · Info exposure

Published September 16, 2024

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.

Key dates

02Disclosure timeline

September 16, 2024 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8777

Related vulnerabilities

04Related CVE

CVE-2018-1074 CVE-2021-22529 Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication CVE-2024-8979 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation CVE-2022-23633 Exposure of sensitive information in Action Pack CVE-2025-12738 Enumeration of restricted property value