Newgen · Newgen Omnidocs · CVE-2011-3645
**Name of the Vulnerable Software and Affected Versions**
Newgen OmniDocs (affected versions not specified)
**Description**
The issue allows remote attackers to bypass intended access restrictions. This can be achieved through modifying the `FolderRights` parameter to the "doccab/doclist.jsp" endpoint, leading to arbitrary permission changes. Alternatively, modifying the `UserIndex` parameter to the "doccab/userprofile/editprofile.jsp" endpoint allows selecting the settings page of an arbitrary user.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.