How severe is CVE-2023-38334?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-38334?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2023-38334 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."

Related Vulnerabilities

CVE-2017-0369

MEDIUM

CVSS:6.5(Medium)

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

CWE-2762017

CVE-2017-1000084

MEDIUM

CVSS:6.5(Medium)

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in...

CWE-2762017

CVE-2018-13286

MEDIUM

CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world re...

CWE-2762018

CVE-2018-13287

MEDIUM

CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readab...

CWE-2762018

CVE-2019-10463

MEDIUM

CVSS:6.5(Medium)

A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CWE-2762019

CVE-2019-10469

MEDIUM

CVSS:6.5(Medium)

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credenti...

CWE-2762019