漏洞标题
N/A
漏洞描述信息
Omnis Studio 10.22.00 存在不正确的访问控制。它宣传了一个不可逆的功能,用于锁定 Omnis 库中的类:应该不能再删除、查看、更改、复制、重命名、复制或打印被锁定的类。由于实现问题, Omnis 库中的锁定类可以解锁,从而由 Omnis Studio 进一步分析和修改。这允许进一步分析和删除、查看、更改、复制、重命名、复制或打印之前锁定的 Omnis 类。这违反了“不可逆操作”的预期行为。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
漏洞类别
关键资源的不正确权限授予
漏洞标题
N/A
漏洞描述信息
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Omnis Studio 安全漏洞
漏洞描述信息
Omnis Studio是Omnis公司的一种快速的应用程序开发工具。 Omnis Studio 10.22.00版本存在安全漏洞,该漏洞源于Omnis库中的锁定类会解锁并通过Omnis Studio修改浏览器。
CVSS信息
N/A
漏洞类别
其他