CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000634

HIGH
7.2
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile1.49th
PublishedAug 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.

Affected Platforms (CPE)

πŸ“¦
Openmicroscopy

Omero

>= 5.4.0 and <= 5.4.6

References & Advisories

πŸ”— https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html
πŸ”— https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-password/
πŸ”— https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html
πŸ”— https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-password/

Related Vulnerabilities

CVE-2014-71988.8

OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.

CVE-2017-10004388.3

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file o...

CVE-2019-99437.5

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissio...

CVE-2019-99447.5

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent ...