CVE-2023-38335

Name of the Vulnerable Software and Affected Versions Omnis Studio version 10.22.00

Description The issue is related to incorrect access control in Omnis Studio. It has a feature to make Omnis libraries "always private", which is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks, violating the expected behavior of an "irreversible operation".

Recommendations For Omnis Studio version 10.22.00, as a temporary workaround, consider restricting access to the Omnis Studio browser to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.