CVE-2011-3645
NONE EPSS 84.0%
Published Sep 27, 201114y ago · Modified Jun 16, 20262w ago
Published Sep 27, 2011 14y ago
Last Modified Jun 16, 2026 2w ago
Description
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
Threat Intelligence
EPSS Exploit Probability
84.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| newgensoft | omnidocs | * | any |
References 3
- seclists.org http://seclists.org/fulldisclosure/2011/Sep/283
- securityreason.com http://securityreason.com/securityalert/8394
- exploit-db.com http://www.exploit-db.com/exploits/17897
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.