CVE-2022-32964 OMICARD EDM’s API function has insufficient validation for user input

The hotfix released on March 22, 2018 will address this issue. EDM supports SQL functions. Using SQL function data can be helpful in analyzing data. However, attaching invalid data to a function can lead to unexpected results.

SQL Vulnerability

A SQL vulnerability existed in the EDM schema that allowed users to create malicious data, or insert invalid input.

The hotfix released on March 22, 2018 will address this issue.

SQL Server Data Type Mismatch Detection

The hotfix released on March 22, 2018 will address this issue. EDM supports SQL functions. Using SQL function data can be helpful in analyzing data. However, attaching invalid data to a function can lead to unexpected results.

How to install SQL function hotfix?

EDM supports SQL functions. Using SQL function data can be helpful in analyzing data. However, attaching invalid data to a function can lead to unexpected results.
The hotfix released on March 22, 2018 will address this issue. To install the hotfix open the "Packages" menu and select "Install Hotfix".

SQL Function Execution Errors

SQL function execution errors can be caused by some of the following:
- Using a string that is too long for the specific SQL function.
- Sending invalid data to a SQL function.
- Confusing parameter names from within the SQL function.
- Entering input on the wrong line in the SQL function.

With this hotfix, we will address the issue of invalid data being sent to functions. We will also provide an updated list of functions that cannot accept strings longer than 64k characters.

Timeline

Published on: 08/04/2022 10:15:00 UTC
Last modified on: 08/15/2022 13:15:00 UTC

References

• https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html
• https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32964