go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

The SYSCOM Group OMFLOW - Arbitrary File Read

TVN ID TVN-202409018
CVE ID CVE-2024-8778
CVSS 6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products OMFLOW from version 1.1.6.0 to 1.2.1.2
Description OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
Solution Update to version 1.2.1.3 or later.
Credit Sideman (DEVCORE)
Public Date 2024-09-13
Top