A high-severity information disclosure vulnerability has been identified in Newgen OmniDocs. This flaw allows an unauthenticated attacker to remotely access a list of data repositories, known as "cabinets," by exploiting a missing security check on a specific API endpoint. Successful exploitation could provide an attacker with valuable reconnaissance information to facilitate further, more targeted attacks against the organization's data.

The vulnerability exists due to a lack of authentication and authorization on the /omnidocs/GetListofCabinet API endpoint. An unauthenticated remote attacker can send a direct request to this endpoint without providing any credentials. The server will improperly process this request and respond with a complete list of all configured "cabinets," which are high-level containers for documents and data within the OmniDocs platform. This exposes the internal data structure and naming conventions, which can be leveraged for reconnaissance and planning subsequent attacks.

This vulnerability is rated as High severity with a CVSS score of 7.5. While it does not allow for direct data exfiltration or system modification, the information disclosed is highly valuable for an attacker. By obtaining the list of cabinets, an attacker can map the organization's data layout, identify potentially high-value targets (e.g., cabinets named "Finance," "HR," or "Legal"), and refine social engineering or other targeted attacks. This exposure increases the risk of a future data breach and can reveal sensitive information about the organization's structure and operations.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor to all affected Newgen OmniDocs instances immediately. After patching, administrators should review web server and application access logs for any evidence of unauthorized access to the vulnerable API endpoint prior to the patch being applied.

Proactive Monitoring: Implement monitoring and alerting for anomalous access patterns to the /omnidocs/GetListofCabinet API endpoint. Security teams should look for multiple requests from unknown or external IP addresses, which could indicate scanning or exploitation attempts. Monitor for any follow-on suspicious activity originating from IPs that accessed this endpoint.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Use a Web Application Firewall (WAF) or reverse proxy to create a rule that blocks external access to the /omnidocs/GetListofCabinet URL.
• Enforce network segmentation to restrict access to the Newgen OmniDocs application server, allowing connections only from trusted internal networks.
• If possible, enforce authentication at a network level (e.g., via a reverse proxy or API gateway) before traffic is passed to the application.

Public Exploit Available: false

Given the High severity rating (CVSS 7.5) and the ease of exploitation, it is strongly recommended that organizations prioritize applying the vendor-supplied security patches to all vulnerable Newgen OmniDocs systems without delay. Although this vulnerability is not currently listed on the CISA KEV catalog, its reconnaissance value makes it an attractive target for attackers. If patching cannot be performed immediately, implement the suggested compensating controls, such as WAF rules, to block access to the vulnerable endpoint and reduce the attack surface.