CVE-2022-44795: Information disclosure vulnerability in Object First
An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.
Note: Object First will continue to update this vulnerability as new information becomes available.
Date: 2022-10-24
Status: Final
CVEs: TBA
**Summary**
A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG, which can make the generated URL predictable.
**Impact**
As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability.
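The weakness class described above, shown beside a hardened form. This is an added example, not Object First's code: the advisory does not publish the implementation, so the URL, the 15-minute lifetime, the per-user binding and every function and class name here are hypothetical.

```python
import random
import secrets

BASE_URL = "https://appliance.example/support/bundle"  # hypothetical URL
TTL_SECONDS = 900  # assumed link lifetime, not from the advisory

def weak_token(seed: int) -> str:
    # Vulnerable pattern: Mersenne Twister output is a pure function of its
    # seed, so a guessable seed (clock, PID, counter) means a guessable URL.
    rng = random.Random(seed)
    return "".join(rng.choice("0123456789abcdef") for _ in range(32))

def strong_token() -> str:
    # Hardened pattern: 32 bytes (256 bits) from the operating system CSPRNG.
    return secrets.token_urlsafe(32)

class BundleLinks:
    """Issues support-bundle links bound to one user and a short lifetime."""

    def __init__(self):
        self._issued = {}  # token -> (owner, expires_at)

    def issue(self, owner: str, now: float) -> str:
        token = strong_token()
        self._issued[token] = (owner, now + TTL_SECONDS)
        return f"{BASE_URL}/{token}"

    def authorize(self, url: str, user: str, now: float) -> bool:
        token = url.rsplit("/", 1)[-1]
        record = self._issued.get(token)
        if record is None:
            return False  # unknown token
        owner, expires_at = record
        if now >= expires_at:
            del self._issued[token]  # purge expired links
            return False
        # Knowing the URL is not enough: the requester must own the bundle.
        return owner == user

if __name__ == "__main__":
    # Constructed seed value: identical seeds reproduce the identical token.
    print(weak_token(1666569600) == weak_token(1666569600))
    links = BundleLinks()
    url = links.issue("admin", now=0.0)
    print(links.authorize(url, "admin", now=10.0),
          links.authorize(url, "guest", now=10.0))
```

Binding the link to its owner and expiring it limits the damage even if a token is ever exposed, which matters here because the advisory notes the attacker already holds valid credentials.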
**Vulnerability Scoring**

| CVE | CVSS 3.x Score | Vector |
| --- | --- | --- |
| TBA | – | – |

**References**

| Resource | Hyperlink |
| --- | --- |
| NIST NVD | TBA |
**Affected Versions:**
Object First 1.0.7.712
Not affected versions:
N/A
**Software Versions and Fixes**
Fixed in Object First version 1.0.13.1611
**Workaround**
Update to Object First version 1.0.13.1611 or higher
**Obtaining Software Fixes**
Software updates will be available in Object First Update Manager. You can contact Support directly via email at [email protected] or via phone at +1 800 6657145.
**Status of Notice**
Final
Object First will continue to update information regarding this vulnerability as new details become available.
This vulnerability article should be considered as the single source of current, up-to-date, authorized and accurate information posted by Object First Software.
**Revision History**

| Revision # | Date | Comments |
| --- | --- | --- |
| 1.0 | 2022-10-24 | Initial Public Release and Final Status |