Aggregates CVE and security vulnerability intelligence across all omicard_edm_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk sql injection and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-35216 | OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | [email protected] | 7.5 | 0.60% | 2022-08-04 | 2024-11-21 |
| CVE-2022-32965 | OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | [email protected] | 9.8 | 2.55% | 2022-08-04 | 2024-11-21 |
| CVE-2022-32964 | OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. | [email protected] | 9.8 | 0.55% | 2022-08-04 | 2024-11-21 |
| CVE-2022-32963 | OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | [email protected] | 7.5 | 0.60% | 2022-08-04 | 2024-11-21 |