CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1000634

HIGH
7.2
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile1.49th
Published2018年8月20日
Last Modified2024年11月21日

Vulnerability Description

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.

Affected Platforms (CPE)

📦
Openmicroscopy

Omero

>= 5.4.0 and <= 5.4.6

References & Advisories

🔗 https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html
🔗 https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-password/
🔗 https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html
🔗 https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-password/

関連する脆弱性情報

CVE-2014-71988.8

OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.

CVE-2017-10004388.3

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file o...

CVE-2019-99437.5

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissio...

CVE-2019-99447.5

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent ...