CVE-2024-8780 MEDIUM

CVE-2024-8780: The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function

Vendor The Syscom Group

Product OMFLOW

Weakness CWE-200 · Info exposure

Published September 16, 2024

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

Key dates

02Disclosure timeline

September 16, 2024 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8780

Related vulnerabilities

CVE-2024-8780: The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function

01Description

02Disclosure timeline

03References

04Related CVE