CVE-2022-32964

{"id": "CVE-2022-32964", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-04T10:15:08.190", "references": [{"url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "OMICARD EDM\u2019s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service."}, {"lang": "es", "value": "La funci\u00f3n de la API de OMICARD EDM no comprueba suficientemente las entradas del usuario. Un atacante remoto no autenticado puede inyectar comandos SQL arbitrarios para acceder, modificar, eliminar la base de datos o interrumpir el servicio"}], "lastModified": "2022-10-26T02:48:32.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:omicard_edm_project:omicard_edm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F11B29BF-543C-4268-B257-E02275F6B969", "versionEndIncluding": "6.0", "versionStartIncluding": "5.8"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}