An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 23 Jan 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks. | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-01-23T15:00:36.906Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-69907
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-01-23T15:16:05.093
Modified: 2026-01-23T15:16:05.093
Link: CVE-2025-69907
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.