PT-2023-26368 · Omnis · Omnis Studio

Matthias Deeg · Published 2023-07-20 · Updated 2024-10-24 · CVE-2023-38334

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Omnis Studio version 10.22.00

Description: The vulnerability is an incorrect access control issue in Omnis Studio. Omnis Studio provides a feature for locking classes within Omnis libraries; a locked class is meant to be impossible to delete, view, change, copy, rename, duplicate, or print. Due to implementation issues, however, locked classes can be unlocked and then further analyzed or modified. This allows previously locked Omnis classes to be deleted, viewed, changed, copied, renamed, duplicated, or printed, contrary to the expected behavior of locking as an "irreversible operation."

Recommendations: For Omnis Studio version 10.22.00, consider restricting access to the locking feature until a proper fix is implemented that ensures the irreversible nature of the lock operation. As a temporary workaround, do not rely solely on the locking mechanism for security; implement additional access controls to minimize the risk of unauthorized modification or analysis of locked classes. At the time of writing, no newer version containing a fix for this vulnerability is known.

Exploit

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2023-38334

Affected Products: Omnis Studio