CVE Record: CVE-2024-8780

Required CVE Record Information

Description

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

CWE 1 Total

Learn more

CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
6.5	MEDIUM	3.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

References 2 Total

https://www.twcert.org.tw/tw/cp-132-8077-7a7c0-1.html
external site
third-party-advisory
https://www.twcert.org.tw/en/cp-139-8078-36fc9-2.html
external site
third-party-advisory

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: TWCERT/CC

Description

CWE 1 Total

CVSS 1 Total

Product Status

References 2 Total

Authorized Data Publishers

CISA-ADP