汇总 syscomgo 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 路径处理缺陷 相关,可能在 生产负载与软件部署 场景中带来 文件覆盖 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-8780 | OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users. | [email protected] | 6.5 | 0.15% | 2024-09-16 | 2024-09-20 |
| CVE-2024-8779 | OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | [email protected] | 8.8 | 0.56% | 2024-09-16 | 2024-09-17 |
| CVE-2024-8778 | OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files. | [email protected] | 6.5 | 0.15% | 2024-09-16 | 2024-09-20 |
| CVE-2024-8777 | OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials. | [email protected] | 7.5 | 0.17% | 2024-09-16 | 2024-09-20 |