Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3645


Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3645
Last Modified 13 Feb 2012 11:08:58
Published 27 Sep 2011 03:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.

Vulnerable Systems


  • Newgensoft Omnidocs


EXPLOIT-DB - 17897

FULLDISC - 20110926 [CVE-2011-3645] Multiple vulnerability in

SREASON - 8394

FULLDISC - 20110926 [CVE-2011-3645] Multiple vulnerability in "Omnidocs"

Last Updated: 27 May 2016 10:58:14