Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-20T00:00:00
Updated: 2024-08-02T17:39:12.753Z
Reserved: 2023-07-14T00:00:00
Link: CVE-2023-38335
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-20T18:15:12.227
Modified: 2023-07-31T18:42:46.760
Link: CVE-2023-38335
Redhat
No data.