PT-2019-9522 · Newgen · Newgen Omniflow Intelligent Business Process Suite

Published 2019-08-21 · Updated 2020-08-24 · CVE-2018-17791

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Newgen OmniFlow Intelligent Business Process Suite (iBPS) version 7.0

Description

The issue arises from improper server-side validation, allowing client-side validations to be tampered with. This enables inappropriate information to be stored on the server and fetched every time a user visits, potentially causing business confusion. In severe cases, the exploitation can lead to the consumption of all available resources while processing the data, resulting in the unavailability of the service to legitimate users. This vulnerability is exploited by manually editing a disabled form field within the developer options, which allows non-editable parameters to be modified.

Recommendations

For Newgen OmniFlow Intelligent Business Process Suite (iBPS) version 7.0, consider restricting access to the developer options to prevent manual editing of disabled form fields until a proper fix is implemented. Additionally, as a temporary workaround, monitor server resource consumption closely to mitigate the risk of service unavailability due to excessive data processing.
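
The description attributes the issue to missing server-side validation. As an added example (not Newgen's code; the schema, field names and limits are hypothetical), a server-side check of this kind rejects changes to fields the form renders as disabled and bounds value sizes before anything is stored:

```python
# Added example: server-side enforcement for a form with read-only fields.
# The schema, field names and limits are hypothetical, not taken from iBPS.
from dataclasses import dataclass


@dataclass(frozen=True)
class FieldRule:
    editable: bool  # may the submitting user change this field at all?
    max_len: int    # upper bound on the stored value, in characters


# The server owns this schema; the "disabled" attribute in the HTML is only a hint.
SCHEMA = {
    "request_id": FieldRule(editable=False, max_len=32),
    "approved_amount": FieldRule(editable=False, max_len=16),
    "comment": FieldRule(editable=True, max_len=500),
}
MAX_FIELDS = 20  # refuse oversized submissions before inspecting any value


class SubmissionRejected(ValueError):
    """Raised when a submission violates the server-side schema."""


def apply_submission(stored: dict, submitted: dict) -> dict:
    """Return the record to persist, or raise SubmissionRejected."""
    if len(submitted) > MAX_FIELDS:
        raise SubmissionRejected("too many fields")
    updated = dict(stored)
    for name, value in submitted.items():
        rule = SCHEMA.get(name)
        if rule is None:
            raise SubmissionRejected(f"unknown field: {name}")
        if not isinstance(value, str) or len(value) > rule.max_len:
            raise SubmissionRejected(f"invalid value for {name}")
        if not rule.editable:
            # Browsers do not submit disabled inputs, so a differing value
            # here was set outside the normal form flow.
            if value != stored.get(name):
                raise SubmissionRejected(f"read-only field changed: {name}")
            continue
        updated[name] = value
    return updated
```

Rejections raised here are also worth logging, since a changed read-only field is a direct signal of client-side tampering.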

Fix

Weakness Enumeration

Related Identifiers

CVE-2018-17791

Affected Products

Newgen Omniflow Intelligent Business Process Suite