Improper Access Control in OMERO.server User Management Allows Privilege Escalation

CVE-2018-1000634 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

The Open Microscopy Environment OMERO.server versions 5.4.0 to 5.4.6 contain an Improper Access Control vulnerability in user management that can result in an administrative user with privilege restrictions logging in as a more powerful administrator. This attack appears to be exploitable by using the user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.
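The access-control gap described above, shown as an added example that is not OMERO's code and not part of the original advisory: a password-reset check that only looks at the caller's user-management privilege, beside one that also refuses targets holding privileges the caller lacks, plus an audit helper that lists the account pairs where the two checks disagree. The account model, privilege names and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed privilege names; they are assumptions, not OMERO's real privilege set.
MANAGE_USERS = "manage_users"
FULL = frozenset({MANAGE_USERS, "manage_groups", "sudo", "delete_data"})


@dataclass(frozen=True)
class Account:
    name: str
    privileges: frozenset = frozenset()  # empty for ordinary users


def can_set_password_flawed(actor: Account, target: Account) -> bool:
    """Flawed: holding the user-management privilege is treated as sufficient."""
    return MANAGE_USERS in actor.privileges


def can_set_password_hardened(actor: Account, target: Account) -> bool:
    """Also require that the target holds no privilege the actor lacks.

    Setting a password is equivalent to being able to log in as the target,
    so the reset must never reach an account more powerful than the caller.
    """
    if MANAGE_USERS not in actor.privileges:
        return False
    return target.privileges <= actor.privileges  # subset test


def escalation_paths(accounts):
    """Pairs (actor, target) the flawed check allows but the hardened one denies."""
    return [
        (a.name, t.name)
        for a in accounts
        for t in accounts
        if a is not t
        and can_set_password_flawed(a, t)
        and not can_set_password_hardened(a, t)
    ]


# Constructed sample accounts.
ACCOUNTS = [
    Account("root", FULL),
    Account("helpdesk", frozenset({MANAGE_USERS})),
    Account("imaging_admin", frozenset({"delete_data"})),
    Account("alice"),
]

if __name__ == "__main__":
    for actor, target in escalation_paths(ACCOUNTS):
        print(f"{actor} could take over {target} under the flawed check")
```

Running the same pairwise comparison over a real account export shows which restricted administrators could reach a more privileged account on an unpatched server.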
