CVE-2018-1000633

HIGH

OMERO.web < 5.4.7 - Exposure of Sensitive Information via Login and Password Change Logs

Title source: llm

Description

The Open Microscopy Environment OMERO.web versions prior to 5.4.7 contain an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in a user's password being revealed. An attacker can then log in as that user. This attack appears to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7.

References (2)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html

Scores

CVSS v3: 7.2
EPSS: 0.0122
EPSS Percentile: 64.9%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-200
Status: published
Products (1): openmicroscopy/omero < 5.4.7
Published: Aug 20, 2018
Tracked Since: Feb 18, 2026