PT-2018-9487 · Open Microscopy Environment · Omero.Server
Published
2018-08-20
·
Updated
2019-10-03
·
CVE-2018-1000634
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OMERO.server versions 5.4.0 through 5.4.6
Description
The issue is related to improper access control in user management, allowing an administrative user with privilege restrictions to log in as a more powerful administrator. This can be exploited by using user administration privileges to set the password of a more powerful administrator.
Recommendations
For OMERO.server versions 5.4.0 through 5.4.6, update to version 5.4.7 to resolve the issue.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Omero.Server