CVE-2018-17791

HIGH

Newgen OmniFlow iBPS 7.0 - Info Disclosure

Title source: llm

Description

Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options.

References (2)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/154061/OmniDoc-7.0-Input-Validation.html

[Exploit, Third Party Advisory] https://packetstormsecurity.com/files/cve/CVE-2018-17791

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-669

Status published

Products (1)

newgensoft/omniflow_intelligent_business_process_suite 7.0

Published Aug 21, 2019

Tracked Since Feb 18, 2026