affects OMERO.server 5 versions 5.6.0 and earlier
OMERO makes the details of each user available to all users.
An OMERO Experimenter instance exists for every OMERO user and its fields are readable by other users. This is inconsistent with the principles of good data privacy.
OMERO 5.6.1 obscures users' details from other normal users, unless they are colleagues in a non-private group.
This vulnerability is identified as CVE-2019-16245.
OMERO.server before 5.6.1.
All OMERO.servers should be upgraded to at least 5.6.1.