CVE-2022-32965

Summary

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.

Affected Software

VendorProductVersion RangeStatus
ITPisonOMICARD EDM5.8 <= 6.0affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References