Newgen Software Newgen OmniDocs Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability exists in Newgen OmniDocs versions prior to 12.0.00. The issue arises in the file '/omnidocs/GetWebApiConfiguration', where the 'connectionDetails' argument can be manipulated to leak sensitive information. This vulnerability can be exploited remotely, although it requires a high level of complexity. A public exploit is available.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive information, specifically an RSA private key, which could be misused for decryption, token signing, or impersonating trusted services.

Added: Apr 2, 2026, 6:23 PM

Updated: Apr 2, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

5.1

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

5.1

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Newgen Software Newgen OmniDocs Information Disclosure Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating