CVE-2022-44795 Object First 1.0.7.712 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.

An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to cross site scripting. The command that creates the URL for the support bundle uses insecure ciphers. That can lead to cross site scripting. As a result, an attacker can execute arbitrary code with the privileges of the user. This is fixed in 1.0.13.1611. An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to cross site scripting. The command that creates the URL for the support bundle uses insecure ciphers. That can lead to cross site scripting. As a result, an attacker can execute arbitrary code with the privileges of the user. This is fixed in 1.0.13.1611. An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to cross site scripting. The command that creates the URL for the support bundle uses insecure ciphers. That can lead to cross site scripting. As a result, an attacker can execute arbitrary code with the privileges of the user. This is fixed in 1.0.13.1611. An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to cross site scripting. The command that creates the URL for the support bundle

Dependency Injection

Dependency Injection (DI) is an approach to software design in which objects are given the services they need via constructor injection, method injection, or property injection. DI is a programming paradigm that relies on building software components by first defining the interface of each of its classes (also called "objects"), then instantiating those classes at run time based on those interfaces, rather than relying on construction mechanisms built into the language itself.
This happens mostly with object-oriented languages. The term "inject" is derived from object construction and programming terminology for instantiating an object's instance in code; this term also applies to other constructions such as class instantiation.
If you want to enhance your business's website, SEO can be a huge asset. But there are many factors that any company must consider before they decide how they want their website optimized. One factor is how search engines view content, and another is getting people to click through and convert on your marketing campaigns. For these reasons, it's worth outsourcing SEO efforts so you can focus on what matters most: your business goals!

Timeline

Published on: 11/07/2022 04:15:00 UTC
Last modified on: 11/08/2022 04:22:00 UTC

References

• https://objectfirst.com/security/of-20221024-0003/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44795