8 vulnerabilities found for omicard_edm by omicard_edm_project
CVE-2022-35216 (GCVE-0-2022-35216)
Vulnerability from nvd – Published: 2022-08-04 09:15 – Updated: 2024-09-16 22:35
Title
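ITPison OMICARD EDM - Use of Hard-coded Credentials (title as published in the CVE record; it does not match the record's own description and CWE-22 classification, which describe a path traversal in the mail image relay function, so triage this entry by its description and CWE rather than by its title)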
Summary
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
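| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |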
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM\u2019s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206012",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-35216",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM\u2019s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206012",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35216",
"datePublished": "2022-08-04T09:15:30.441Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:59.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32965 (GCVE-0-2022-32965)
Vulnerability from nvd – Published: 2022-08-04 09:15 – Updated: 2024-09-16 20:57
Title
ITPison OMICARD EDM - Use of Hard-coded Credentials
Summary
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
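| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |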
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206011",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-32965",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32965",
"datePublished": "2022-08-04T09:15:28.816Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:57:26.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32964 (GCVE-0-2022-32964)
Vulnerability from nvd – Published: 2022-08-04 09:15 – Updated: 2024-09-17 03:43
Title
ITPison OMICARD EDM - SQL Injection
Summary
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
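| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |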
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM\u2019s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206010",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-32964",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM\u2019s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206010",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32964",
"datePublished": "2022-08-04T09:15:27.394Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:33.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32963 (GCVE-0-2022-32963)
Vulnerability from nvd – Published: 2022-08-04 09:15 – Updated: 2024-09-17 03:34
Title
ITPison OMICARD EDM - Path Traversal-1
Summary
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
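| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |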
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM\u2019s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:36.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206009",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - Path Traversal-1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-32963",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - Path Traversal-1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM\u2019s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206009",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32963",
"datePublished": "2022-08-04T09:15:25.734Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:34:25.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35216 (GCVE-0-2022-35216)
Vulnerability from cvelistv5 – Published: 2022-08-04 09:15 – Updated: 2024-09-16 22:35
Title
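ITPison OMICARD EDM - Use of Hard-coded Credentials (title as published in the CVE record; it does not match the record's own description and CWE-22 classification, which describe a path traversal in the mail image relay function, so triage this entry by its description and CWE rather than by its title)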
Summary
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
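| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |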
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM\u2019s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206012",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-35216",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM\u2019s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6374-1c6c9-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206012",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35216",
"datePublished": "2022-08-04T09:15:30.441Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:59.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32965 (GCVE-0-2022-32965)
Vulnerability from cvelistv5 – Published: 2022-08-04 09:15 – Updated: 2024-09-16 20:57
Title
ITPison OMICARD EDM - Use of Hard-coded Credentials
Summary
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
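| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |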
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206011",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-32965",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32965",
"datePublished": "2022-08-04T09:15:28.816Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:57:26.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32964 (GCVE-0-2022-32964)
Vulnerability from cvelistv5 – Published: 2022-08-04 09:15 – Updated: 2024-09-17 03:43
Title
ITPison OMICARD EDM - SQL Injection
Summary
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
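| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |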
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM\u2019s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206010",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-32964",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM\u2019s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206010",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32964",
"datePublished": "2022-08-04T09:15:27.394Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:33.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32963 (GCVE-0-2022-32963)
Vulnerability from cvelistv5 – Published: 2022-08-04 09:15 – Updated: 2024-09-17 03:34
Title
ITPison OMICARD EDM - Path Traversal-1
Summary
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
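| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f | x_refsource_MISC |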
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ITPison | OMICARD EDM | Affected: 5.8, ≤ 6.0 (custom) |
Date Public ?
2022-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OMICARD EDM",
"vendor": "ITPison",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "5.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM\u2019s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T12:42:36.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206009",
"discovery": "EXTERNAL"
},
"title": "ITPison OMICARD EDM - Path Traversal-1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
"ID": "CVE-2022-32963",
"STATE": "PUBLIC",
"TITLE": "ITPison OMICARD EDM - Path Traversal-1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OMICARD EDM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.8",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "ITPison"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OMICARD EDM\u2019s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6371-05bdc-1.html"
},
{
"name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ITPison."
}
],
"source": {
"advisory": "TVN-202206009",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32963",
"datePublished": "2022-08-04T09:15:25.734Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:34:25.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}