Salesforce OmniStudio Improper Preservation of Permissions Vulnerability Allowing Exposure of Custom Settings Data
Vulnerability
A vulnerability in Salesforce OmniStudio (FlexCards) prior to version 254 allows for the improper preservation of permissions, leading to the exposure of Custom Settings data. This issue affects both Core and managed packages within OmniStudio.
Impact
Exploitation of this vulnerability could result in unauthorized access to Custom Settings data, potentially exposing sensitive information.
Remediation
Users should review the affected components (FlexCards) and verify that individuals experiencing data access issues have the necessary field-level security and permissions. User profiles or permission sets may need to be updated to restore the expected data visibility.
