CVE-2024-8778 MEDIUM

CVE-2024-8778: The SYSCOM Group OMFLOW - Arbitrary File Read

Vendor The Syscom Group
Product OMFLOW
Weakness CWE-36
Published September 16, 2024
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.

Key dates

02Disclosure timeline

September 16, 2024 CVE published
September 16, 2024 Record updated