CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:omicard_edm_project:omicard_edm:*:*:*:*:*:*:*:*

History

26 Oct 2022, 02:49

Type	Values Removed	Values Added
References	~~(MISC) https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f -~~	(MISC) https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f - Third Party Advisory

15 Aug 2022, 13:15

Type	Values Removed	Values Added
References		(MISC) https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f -

10 Aug 2022, 17:24

Type	Values Removed	Values Added
CWE		CWE-798
CPE		cpe:2.3:a:omicard_edm_project:omicard_edm::::::::
References	~~(MISC) https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html -~~	(MISC) https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html - Third Party Advisory

04 Aug 2022, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-04 10:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-32965

Mitre link : CVE-2022-32965

CVE.ORG link : CVE-2022-32965

JSON object : View

Products Affected

omicard_edm_project

omicard_edm

CWE

CWE-798

Use of Hard-coded Credentials

9.8 /10