How severe is CVE-2022-44796?

CVE-2022-44796 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2022-44796

Name: ootbi
Author: objectfirst

9.8CRITICAL

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT toke

게시됨: 11/7/2022업데이트됨: 6/24/2025

설명

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611.

AI 분석AI 기반

영향받는 제품

objectfirstootbi

참조

https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory
https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory