newtype 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk cross-site scripting があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-9971 | The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. | [email protected] | 8.8 | 0.63% | 2024-10-15 | 2024-10-17 |
| CVE-2024-9970 | The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | [email protected] | 8.8 | 0.59% | 2024-10-15 | 2024-10-17 |
| CVE-2024-9969 | NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product. | [email protected] | 5.4 | 0.26% | 2024-10-15 | 2024-10-19 |
| CVE-2024-9968 | WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product. | [email protected] | 8.8 | 0.63% | 2024-10-15 | 2024-10-19 |