Vulnerability Details : CVE-2022-32965
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
Vulnerability category: Execute code
Products affected by CVE-2022-32965
- cpe:2.3:a:omicard_edm_project:omicard_edm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-32965
- 0.45%: Probability of exploitation activity in the next 30 days
- ~ 75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-32965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | TWCERT/CC | |
CWE ids for CVE-2022-32965
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by:
  - nvd@nist.gov (Primary)
  - twcert@cert.org.tw (Secondary)
References for CVE-2022-32965
- https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f (Third Party Advisory)
- https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html (Third Party Advisory)