
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

The SYSCOM Group OMFLOW - Broken Access Control

TVN ID: TVN-202409019
CVE ID: CVE-2024-8779
CVSS: 8.8 (High), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products: OMFLOW from version 1.1.6.0 to 1.2.1.2
Description: OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server.
Solution: Update to version 1.2.1.3 or later.
Credit: Sideman (DEVCORE)
Public Date: 2024-09-13