Description
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address.
Published: 2026-06-04
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OMICARD EDM includes an IDOR flaw that permits an unauthenticated remote attacker to modify a specific request parameter and retrieve a user’s email address. This results in indirect disclosure of personal data.

Affected Systems

The affected product is OMICARD EDM from ITPison. No explicit version information is given, so all current and legacy builds could be affected until a patch is applied.

Risk and Exploitability

The CVSS score of 6.9 signals moderate severity. With no EPSS data and not listed in the KEV catalog, there is no evidence of widespread exploitation, yet the flaw is directly exploitable by remote attackers via parameter manipulation, representing a medium risk that warrants timely remediation.

Generated by OpenCVE AI on June 4, 2026 at 03:51 UTC.

Remediation

Vendor Solution

Please contact the vendor to obtain the patch.

OpenCVE Recommended Actions

  • Contact ITPison to obtain a vendor patch
  • Apply the vendor patch as soon as it becomes available
  • Review the application for other potential IDOR vulnerabilities and enforce stricter access controls
  • Monitor application logs for anomalous parameter modification attempts

Generated by OpenCVE AI on June 4, 2026 at 03:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Itpison
Itpison omicard Edm
Vendors & Products Itpison
Itpison omicard Edm

Thu, 04 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address.
Title ITPison|OMICARD EDM - Insecure Direct Object Reference
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Itpison Omicard Edm
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-06-04T02:19:51.051Z

Reserved: 2026-06-02T03:36:59.098Z

Link: CVE-2026-10597

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T03:16:19.443

Modified: 2026-06-04T03:16:19.443

Link: CVE-2026-10597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T04:00:05Z

Weaknesses