Note: Object First will continue to update this vulnerability as new information becomes available.
A flaw was found in Web Service, which could lead to local information disclosure. The command which creates the URL for the support bundle uses insecure RNG. That can lead to predicting of generated URL.
As a result, an attacker can get access to system logs. An attacker should know the credentials to exploit this vulnerability.
|CVE||CVSS 3.x Score||Vector|
Object First 22.214.171.1242
Not affected versions:
Software Versions and Fixes
Fixed in Object First version 126.96.36.1991
Update to Object First version 188.8.131.521 or higher
Obtaining Software Fixes
Software updates will be available in Object First Update Manager. You can contact Support directly via email at firstname.lastname@example.org or via phone at +1 800 6657145.
Status of Notice
Object First will continue to update information regarding this vulnerability as new details become available.
This vulnerability article should be considered as the single source of current, up-to-date, authorized and accurate information posted by Object First Software.
|1.0||2022-10-24||Initial Public Release and Final Status|
|2.0||2022-11-09||Added CVE number and NVD reference|