CVE-2024-8780

Summary

CVE-2024-8780 is a vulnerability in OMFLOW from The SYSCOM Group, which fails to properly restrict the query range of its data query functionality. This flaw allows remote attackers with standard privileges to access other users' accounts and password hashes, posing a high confidentiality risk. Affected products include yonWmI, yonWmH, and yoK7B4. To mitigate this vulnerability, organizations should implement proper access controls and restrict data queries to authorized users only. The vulnerability has been rated with a medium severity score of 6.5, indicating that while the attack complexity is low, the potential for significant data exposure is concerning.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.