CVE-2023-38335

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 20, 2023

Updated: Jul 31, 2023

Summary

CVE-2023-38335: Omnis Studio 10.22.00 contains a misconfigured access control issue. Contrary to its intended design, "always private" Omnis libraries can be accessed by the Omnis Studio browser, despite the feature being marketed as irreversible. This unexpected behavior poses a security risk, allowing unauthorized access to supposedly private libraries.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Omnis Studio

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r_p_28
https://www.cve.org/CVERecord?id=CVE-2023-38335
https://nvd.nist.gov/vuln/detail/CVE-2023-38335

Back to Vulnerability Database

CVE-2023-38335

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations