CVE-2024-8969 MEDIUM

CVE-2024-8969: The SYSCOM Group OMFLOW - Exposure of Sensitive Data

Vendor The Syscom Group

Product OMFLOW

Weakness CWE-200 · Info exposure

Published September 18, 2024

Last update September 18, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators.

Key dates

02Disclosure timeline

September 18, 2024 CVE published

September 18, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8969 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2024-8969: The SYSCOM Group OMFLOW - Exposure of Sensitive Data

01Description

02Disclosure timeline

03References

04Related CVE