Newgensoft OmniDocs Insecure Direct Object Reference Vulnerability Allowing PII Theft
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Newgensoft OmniDocs version 11.0_SP1_03_006. It resides in the 'getuserproperty' function, where improper access control allows unauthorized users to access and steal configuration data and Personally Identifiable Information (PII) belonging to other users.
Impact
Exploiting this vulnerability gives an attacker unauthorized access to other users' configuration data and PII, which the attacker can then steal.
Remediation
Users can upgrade to Newgensoft OmniDocs version 11.0_SP1_03_016 to address this vulnerability.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
