Untitled

Title: CVE-2024-39033 - Insecure Direct Object Reference in Newgensoft OmniDocs

==========================================
[Description]
In Newgensoft OmniDocs 11.0_SP1_03_006, an Insecure Direct Object Reference (IDOR) vulnerability in the `getuserproperty` function allows users' configuration and Personally Identifiable Information (PII) to be stolen.

------------------------------------------
[Additional Information]
This vulnerability was discovered during authorized penetration testing. The vendor has fixed the vulnerability in a newer version. Our company uses the OmniDocs application.

------------------------------------------
[Vulnerability Type]
Incorrect Access Control

------------------------------------------
[Vendor of Product]
Newgensoft

------------------------------------------
[Affected Product Code Base]
- Affected Version: OmniDocs 11.0_SP1_03_006
- Fixed Version: OmniDocs 11.0_SP1_03_016

------------------------------------------
[Affected Component]
Insecure Direct Object Reference (IDOR) vulnerability in the `getuserproperty` function. The `ID` parameter sent in the JSON payload is vulnerable.

**Vulnerable URI**:
/omnidocs/controllerservlet?requestcall=Component.OmniDocsAdmin.Users.GetUserProperty


------------------------------------------
[Attack Type]
Remote

------------------------------------------
[Impact Information Disclosure]
true

------------------------------------------
[Attack Vectors]
The attack vector is through the network. Any user can replace their `ID` in the request to access other users' configuration and PII information.

------------------------------------------
[References]
1. https://newgensoft.com/platform/content-services-platform/content-workdesk/
2. https://appsource.microsoft.com/en-us/product/web-apps/newgensoftware-2272900.omnidocs?tab=PlansAndPrice
3. https://www.cvedetails.com/vulnerability-list/vendor_id-10557/product_id-18863/Newgensoft-Omnidocs.html

------------------------------------------
[Discoverer]
Individual