Open Microscopy Environment OMERO.server up to 5.6.0 Permission default permission


A vulnerability classified as critical has been found in Open Microscopy Environment OMERO.server up to 5.6.0. Some unknown processing of the Permission component is affected. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 06/18/2020 06:56 AM | 06/18/2020 07:01 AM | 10/24/2020 08:40 PM |
|---|---|---|---|
| vendor | Open Microscopy Environment | Open Microscopy Environment | Open Microscopy Environment |
| name | OMERO.server | OMERO.server | OMERO.server |
| version | <=5.6.0 | <=5.6.0 | <=5.6.0 |
| component | Permission | Permission | Permission |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 7.5 | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 7.5 | 7.5 | 7.5 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.4 | 7.4 | 7.4 |
| cvss3_meta_tempscore | 7.4 | 7.4 | 7.4 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1592352000 (06/17/2020) | 1592352000 (06/17/2020) | 1592352000 (06/17/2020) |
| url | https://www.openmicroscopy.org/security/advisories/2019-SV2/ | https://www.openmicroscopy.org/security/advisories/2019-SV2/ | https://www.openmicroscopy.org/security/advisories/2019-SV2/ |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2019-9943 | CVE-2019-9943 | CVE-2019-9943 |
| seealso | 156835 | 156835 | 156835 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 7.5 | 7.5 | 7.5 |
| cwe | 0 | 276 (privilege escalation) | 276 (privilege escalation) |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | L | L |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | N | N |
| cvss2_nvd_ii | | P | P |
| cvss2_nvd_ai | | N | N |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | N | N |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | N | N |
| cvss3_nvd_i | | H | H |
| cvss3_nvd_a | | N | N |
| cve_assigned | | 1553299200 | 1553299200 |
| cve_nvd_summary | | In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. | In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. |
| confirm_url | | | https://www.openmicroscopy.org/security/advisories/2019-SV2/ |
