Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35216 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 7.5 HIGH |
| OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | |||||
| CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 9.8 CRITICAL |
| OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | |||||
| CVE-2022-32964 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 9.8 CRITICAL |
| OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. | |||||
| CVE-2022-32963 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 7.5 HIGH |
| OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | |||||