How severe is CVE-2022-44796?

CVE-2022-44796 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2022-44796

Name: ootbi
Author: objectfirst

9.8CRITICAL

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT toke

公開日: 11/7/2022更新日: 6/24/2025

説明

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611.

AI分析AIによる分析

影響を受ける製品

objectfirstootbi

参照

https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory
https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory