changeweb 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-46204 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. | [email protected] | 6.5 | 0.09% | 2025-06-04 | 2025-06-10 |
| CVE-2025-46203 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. | [email protected] | 6.5 | 0.09% | 2025-06-04 | 2025-06-10 |
| CVE-2025-25621 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1. | [email protected] | 4.3 | 0.05% | 2025-03-17 | 2025-06-24 |
| CVE-2025-25618 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. | [email protected] | 3.3 | 0.08% | 2025-03-17 | 2025-06-24 |
| CVE-2025-25620 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. | [email protected] | 5.4 | 0.25% | 2025-03-10 | 2025-06-23 |
| CVE-2025-25614 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. | [email protected] | 8.8 | 0.40% | 2025-03-10 | 2025-06-23 |
| CVE-2025-25616 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | [email protected] | 4.3 | 0.57% | 2025-03-10 | 2025-03-13 |
| CVE-2025-25615 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | [email protected] | 2.7 | 0.42% | 2025-03-10 | 2025-03-13 |
| CVE-2024-53573 | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}. | [email protected] | 9.8 | 0.26% | 2025-02-26 | 2025-04-07 |