QwikSec

Security Database

CVE

CWE

Training

CVE-2023-38335

Published: Jul 20, 2023

Modified: Oct 24, 2024

PUBLISHED

Description

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt

20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)

mailing-list

http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html

20230724 APPLE-SA-2023-07-24-1 Safari 16.6

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.