CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-3645

Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.044

EPSS Ranking 88.4%

CVSS Severity

CVSS v2 Score 7.5

References

http://seclists.org/fulldisclosure/2011/Sep/283
http://securityreason.com/securityalert/8394
http://www.exploit-db.com/exploits/17897
http://seclists.org/fulldisclosure/2011/Sep/283
http://securityreason.com/securityalert/8394
http://www.exploit-db.com/exploits/17897

Products affected by CVE-2011-3645

Newgensoft » Omnidocs » Version: Any

cpe:2.3:a:newgensoft:omnidocs:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-3645

Products

Pricing

Contact Us