VYPR
Vendor: CGM

Products: 3
CVEs: 8
Across products: 8
Status: Private

Recent CVEs (8)
  • CVE-2025-30035 | Critical | Mar 2, 2026
    risk 0.59 | cvss - | epss 0.00

    The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and…

  • CVE-2025-10350 | High | Mar 2, 2026
    risk 0.57 | cvss - | epss 0.00

    SQL injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with imageserver module in…

  • CVE-2025-48981 | High | Oct 8, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    An insecure implementation of the proprietary protocol DNET in the product CGM MEDICO allows attackers within the intranet to eavesdrop on and manipulate data on the protocol because encryption is optional for this connection.

  • CVE-2025-30038 | High | Aug 27, 2025
    risk 0.47 | cvss - | epss 0.00

    The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially…

  • CVE-2025-58406 | Mar 2, 2026
    risk 0.00 | cvss - | epss 0.00

    The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.

  • CVE-2025-58405 | Mar 2, 2026
    risk 0.00 | cvss - | epss 0.00

    The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks: neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and…

  • CVE-2025-58402 | Mar 2, 2026
    risk 0.00 | cvss - | epss 0.00

    The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

  • CVE-2025-30042 | Mar 2, 2026
    risk 0.00 | cvss - | epss 0.00

    The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for…