CVE-2024-8778

Medium

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular…

twcert·CWE-36·Published 2024-09-16

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

179 chars

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.

NVDen

179 chars

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.

OMFLOW de The SYSCOM Group no valida correctamente la entrada del usuario en la funcionalidad de descarga, lo que permite a atacantes remotos con privilegios regulares leer archivos de sistema arbitrarios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N