Description
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154061/OmniDoc-7.0-Input-Validation.html
Exploit, Third Party Advisory x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2018-17791
Scores
CVSS v3
7.5
EPSS
0.0191
EPSS Percentile
77.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-669
Status
published
Products (1)
newgensoft/omniflow_intelligent_business_process_suite
7.0
Published
Aug 21, 2019
Tracked Since
Feb 18, 2026