PT-2022-27315 · Firstobject · Object First Ootbi Beta
Published: 2022-11-07 · Updated: 2025-06-24 · CVE-2022-44795
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610
Description
A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG, allowing prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this issue.
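The weakness class described above, shown as a weak URL generator beside a hardened one. This is an added example, not Object First's code: the advisory does not say which RNG or seed was used, so the time-based seed, the base URL and all function names here are assumptions.

```python
import hmac
import math
import random
import secrets

BASE = "https://appliance.example/support-bundle/"  # constructed placeholder URL
CONSTRUCTED_SEED = 1667779200  # constructed sample: a Unix timestamp used as the seed


def weak_bundle_url(seed: int) -> str:
    """Weak pattern (assumed): token from a non-cryptographic PRNG with a guessable seed."""
    rng = random.Random(seed)  # Mersenne Twister: output is fully determined by the seed
    return BASE + f"{rng.getrandbits(64):016x}"


def weak_effective_bits(start: int, window_seconds: int) -> float:
    """Entropy actually protecting the weak URL when the seed is a second within a known window."""
    distinct = {weak_bundle_url(t) for t in range(start, start + window_seconds)}
    return math.log2(len(distinct))


def strong_bundle_url() -> str:
    """Hardened pattern: 256-bit token drawn from the operating system CSPRNG."""
    return BASE + secrets.token_urlsafe(32)


def token_matches(presented: str, issued: str) -> bool:
    """Compare a presented token with the issued one in constant time."""
    return hmac.compare_digest(presented.encode(), issued.encode())


if __name__ == "__main__":
    # The 64-bit token looks random, but its strength is bounded by the seed space.
    print("weak URL:", weak_bundle_url(CONSTRUCTED_SEED))
    print("weak effective bits over 1 hour: %.1f" % weak_effective_bits(CONSTRUCTED_SEED, 3600))
    print("strong URL:", strong_bundle_url())
```

The length of a token says nothing about its unpredictability; what matters is the entropy of the generator's state, which is why the hardened form draws every token from the OS CSPRNG and still keeps the download behind authentication.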
Recommendations
For Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610, update to version 1.0.13.1611 to resolve the issue. As a temporary workaround, consider restricting access to system logs until the update is applied.
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Object First Ootbi Beta