PT-2018-9487 · Open Microscopy Environment · Omero.Server

Publicado

2018-08-20

Atualizado

2019-10-03

CVE-2018-1000634

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OMERO.server versions 5.4.0 through 5.4.6

Description The issue is related to improper access control in user management, allowing an administrative user with privilege restrictions to log in as a more powerful administrator. This can be exploited by using user administration privileges to set the password of a more powerful administrator.

Recommendations For OMERO.server versions 5.4.0 through 5.4.6, update to version 5.4.7 to resolve the issue.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2018-1000634

Produtos afetados

Omero.Server

PT-2018-9487 · Open Microscopy Environment · Omero.Server

CVE-2018-1000634

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4