Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://cwe.mitre.org/data/definitions/362.html →Open in CWE collection →Creating and using insecure temporary files can leave application and system data vulnerable to attack.
https://cwe.mitre.org/data/definitions/377.html →Open in CWE collection →The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
https://capec.mitre.org/data/definitions/26.html →Open in CAPEC collection →This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
https://capec.mitre.org/data/definitions/29.html →Open in CAPEC collection →An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
https://capec.mitre.org/data/definitions/149.html →Open in CAPEC collection →An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.
https://capec.mitre.org/data/definitions/155.html →Open in CAPEC collection →