{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T18:23:53.460","vulnerabilities":[{"cve":{"id":"CVE-2024-4894","sourceIdentifier":"twcert@cert.org.tw","published":"2024-05-15T03:15:14.887","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ITPison OMICARD EDM  fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information."},{"lang":"es","value":"ITPison OMICARD EDM no logra filtrar adecuadamente un parámetro de URL específico, lo que permite a atacantes remotos no autenticados modificar los parámetros y realizar ataques de Server Side Request Forgery (SSRF). Esta vulnerabilidad permite a los atacantes sondear información de la red interna."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-7803-c0f73-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-7802-18f3c-1.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/en/cp-139-7803-c0f73-2.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.twcert.org.tw/tw/cp-132-7802-18f3c-1.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}