Vulnerability CVE-2019-9943

Vulnerability CVE-2019-9943

Published: 2020-06-17

Description:

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.

Type:

CWE-276

(Incorrect Default Permissions)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Openmicroscopy -> Omero.server

References:

https://www.openmicroscopy.org/security/advisories/2019-SV2/

Copyright 2024, cxsecurity.com