Objectfirst Security Vulnerabilities

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an....

CVSS: 6.5

AI Score: 6.2

EPSS: 0.001

2022-11-07 04:15 AM

CVE-2022-44794

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to.....

CVSS: 8.8

AI Score: 8.8

EPSS: 0.002

2022-11-07 04:15 AM

CVE-2022-44796

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

CVSS: 9.8

AI Score: 9.1

EPSS: 0.002

2022-11-07 04:15 AM