Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3645

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3645
Last Modified 13 Feb 2012 11:08:58
Published 27 Sep 2011 03:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3645

Summary

Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.

Vulnerable Systems

Application

  • Newgensoft Omnidocs


References

EXPLOIT-DB - 17897

FULLDISC - 20110926 [CVE-2011-3645] Multiple vulnerability in

SREASON - 8394

FULLDISC - 20110926 [CVE-2011-3645] Multiple vulnerability in "Omnidocs"


Last Updated: 27 May 2016 10:58:14