CVE-2024-8777
EUVD-2024-4940916.09.2024, 06:15
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| syscomgo | omflow | 1.1.6.0 ≤ 𝑥 < 1.2.1.3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| syscomgo | omflow | 1.1.6.0 ≤ 𝑥 ≤ 1.2.1.2 | ADP |
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.