CVE-2023-38335 Information

Description

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries lways private\ - this is supposed to be an irreversible operation. However due to implementation issues lways private\ Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \irreversible operation.

Reference

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt