HIGH🇵🇱 Wersja polska

CVE-2019-9943

CVSS 7.5v3.1pub. 2020-06-17upd. 2024-11-21

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Openmicroscopy Omero.server

    APP
    Openmicroscopy
    5.1.0 – 5.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-16244CRITICAL9.8ten sam produkt

OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a craf...

CVE-2019-9944HIGH7.5ten sam produkt

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image file...

CVE-2021-41132CRITICAL9.8ten sam vendor

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of tem...

CVE-2014-7198HIGH8.8ten sam vendor

OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSR...

CVE-2018-1000633HIGH7.2ten sam vendor

The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log ...