How severe is CVE-2022-44796?

CVE-2022-44796 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2022-44796

Name: ootbi
Author: objectfirst

9.8CRITICAL

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT toke

Publicado: 11/7/2022Atualizado: 6/24/2025

Descrição

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611.

Análise IADesenvolvido por IA

Produtos Afetados

objectfirstootbi

Referências

https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory
https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory