Omnis Studio vulnerabilities
3 known vulnerabilities affecting omnis/studio.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2000-0449P4CRITICALCVSS 10.0PoCv2.42000-05-01
CVE-2000-0449 [CRITICAL] CVE-2000-0449: Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields.
Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields.
nvd
CVE-2023-38334P4MEDIUMCVSS 6.5v10.22.002023-07-20
CVE-2023-38334 [MEDIUM] CWE-276 CVE-2023-38334: Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for lockin
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and
nvd
CVE-2023-38335P4MEDIUMCVSS 5.3v10.22.002023-07-20
CVE-2023-38335 [MEDIUM] CWE-276 CVE-2023-38335: Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis librari
Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior
nvd