CVE-2022-32965
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ITPison | OMICARD EDM | 5.8 <= 6.0 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html
- https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f
References
- https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html
- https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.