CVE-2024-8777

HIGH

OMFLOW - Info Disclosure

Title source: llm

Description

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.

References (2)

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-8072-928a5-2.html

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-8071-46589-1.html

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 37.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (1)

syscomgo/omflow < 1.2.1.3

Timeline

Published Sep 16, 2024

Tracked Since Feb 18, 2026