CVE-2020-7932

Published: 17/06/2020 Updated: 24/06/2020
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

OMERO.web prior to 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.

Vulnerable Product

openmicroscopy omero.web

Github Repositories

iTaleem_CaseStudy Group Members Wan Hamzah Iyad bin Wan Adlan (2115449) - Leader Muhammad bin Abas Muhammad Arif Faisal bin Zahari (2117277) Assigned Tasks Muhammad bin Abas Wan Hamzah Iyad bin Wan Adlan Identify, evaluate and prevent of: CSP JS Library HTTPS implementation (TLS/SSL) Muhammad Arif Faisal bin Zahari (2117277) Identify, evaluate and prevent of: Coo