Primary

Context

Salesforce OmniStudio Improper Preservation of Permissions Vulnerability in DataMapper Component

Vulnerability

A vulnerability in Salesforce OmniStudio's DataMapper feature allows for the improper preservation of permissions, leading to the exposure of encrypted data. This issue affects OmniStudio versions prior to Spring 2025.

Impact

Exploitation of this vulnerability could result in unauthorized access to encrypted data, potentially allowing sensitive information to be exposed.

Remediation

Customers should review the DataMapper component, verify that users experiencing data access issues have the necessary field-level security and permissions, and update user profiles or permission sets as needed to restore expected data visibility.

Added: Jun 10, 2025, 1:54 PM

Updated: Jun 10, 2025, 1:54 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salesforce OmniStudio Improper Preservation of Permissions Vulnerability in DataMapper Component

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating