maarch 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-37772 | Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | [email protected] | 7.5 | 1.17% | 2022-11-22 | 2026-07-04 |
| CVE-2022-37774 | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | [email protected] | 5.3 | 0.53% | 2022-11-22 | 2026-07-04 |
| CVE-2022-37773 | An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. | [email protected] | 6.5 | 0.78% | 2022-11-22 | 2026-07-04 |
| CVE-2019-15855 | An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. | [email protected] | 9.1 | 1.51% | 2020-01-17 | 2026-06-16 |
| CVE-2019-15854 | An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. | [email protected] | 8.8 | 1.28% | 2020-01-17 | 2026-06-16 |
| CVE-2015-1587 | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. | [email protected] | 7.5 | 44.19% | 2015-02-19 | 2026-06-16 |
| CVE-2014-8995 | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | [email protected] | 5.0 | 2.22% | 2014-11-20 | 2026-06-16 |
| CVE-2006-5492 | Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." | [email protected] | 4.0 | 1.19% | 2006-10-25 | 2026-06-16 |