VYPR

OMERO.web

by Open Microscopy Environment

CVEs (2)

  • CVE-2017-1000438HigJan 2, 2018
    risk 0.54cvss 8.3epss 0.01

    In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

  • CVE-2018-1000633HigAug 20, 2018
    risk 0.47cvss 7.2epss 0.01

    The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to…