ebmtech 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk sql injection などに関し、一部は vendor impact data exposure を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-26264 | EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records. | [email protected] | 9.8 | 0.48% | 2024-02-15 | 2025-01-23 |
| CVE-2024-26263 | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | [email protected] | 5.3 | 0.07% | 2024-02-15 | 2025-01-23 |
| CVE-2024-26262 | EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator . | [email protected] | 8.8 | 0.58% | 2024-02-15 | 2025-01-23 |