go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


ITPison OMICARD EDM - Server-Side Request Forgery

TVN ID TVN-202405002
CVE ID CVE-2024-4894
CVSS 5.3 (Medium)
Affected Products OMICARD EDM before v6.0.
Description ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.
Solution Software update is unable to patch the vulnerability, please disable the affected website(Relay). For further instructions, please contact the vendor to obtain the security documentation.
Credit Vtim(DEVCORE)
Public Date 2024-05-15