Newgen Software Newgen OmniDocs Insecure Direct Object Reference Vulnerability
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Newgen OmniDocs versions through 12.0.00. The issue resides in the file '/omnidocs/WebApiRequestRedirection', where the 'DocumentId' parameter is not properly validated before being used to access documents. This lack of authorization checks allows remote attackers to manipulate the parameter and retrieve documents that should not be accessible, including sensitive client records and company registration files.
Impact
Exploitation of this vulnerability leads to unauthorized access to documents, potentially including sensitive information such as client-related records and company registration documents.
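As an added example (not vendor or advisory code), one way to review web access logs for the behaviour described above: HTTP 200 responses from '/omnidocs/WebApiRequestRedirection' for 'DocumentId' values outside a user's entitlement, or for unusually many distinct values. The log layout, the presence of 'DocumentId' in the logged query string, the entitlement map and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/omnidocs/WebApiRequestRedirection"
# Assumed log layout: ip user [time] "METHOD url HTTP/x" status
LINE_RE = re.compile(r'^\S+ (\S+) \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})$')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 alice [12/Mar/2025:10:00:01 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=1001 HTTP/1.1" 200
10.0.0.5 alice [12/Mar/2025:10:00:09 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=1001 HTTP/1.1" 200
10.0.0.5 alice [12/Mar/2025:10:01:30 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=1002 HTTP/1.1" 200
10.0.0.9 bob [12/Mar/2025:10:02:00 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=2001 HTTP/1.1" 200
10.0.0.9 bob [12/Mar/2025:10:02:01 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=2002 HTTP/1.1" 200
10.0.0.9 bob [12/Mar/2025:10:02:02 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=2003 HTTP/1.1" 200
10.0.0.9 bob [12/Mar/2025:10:02:03 +0000] "GET /omnidocs/WebApiRequestRedirection?DocumentId=2004 HTTP/1.1" 403
10.0.0.9 bob [12/Mar/2025:10:02:04 +0000] "GET /static/app.css HTTP/1.1" 200
truncated line without a request
"""

def successful_reads(log_text):
    """Map each user to the set of DocumentId values served with HTTP 200."""
    reads = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        user, url, status = m.groups()
        parts = urlsplit(url)
        if parts.path == ENDPOINT and status == "200":
            reads[user].update(parse_qs(parts.query).get("DocumentId", []))
    return dict(reads)

def out_of_entitlement(log_text, entitlements):
    """Return sorted (user, DocumentId) pairs served to users not entitled to them."""
    return sorted((user, doc) for user, docs in successful_reads(log_text).items()
                  for doc in docs - entitlements.get(user, set()))

def many_distinct_ids(log_text, threshold=3):
    """Return users who read at least `threshold` distinct DocumentId values."""
    return sorted(u for u, d in successful_reads(log_text).items() if len(d) >= threshold)

# Hypothetical entitlement export: user -> DocumentIds they may read.
ENTITLEMENTS = {"alice": {"1001", "1002"}, "bob": {"2001"}}
```

A pair returned by `out_of_entitlement` is a document that was actually served without entitlement; `many_distinct_ids` is only a triage signal and its threshold needs tuning against normal usage.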
