EBM Technologies
Products
3- 3 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-26264 | Cri | 0.64 | 9.8 | 0.01 | Feb 15, 2024 | EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database… | ||
| CVE-2025-2585 | Hig | 0.57 | 8.8 | 0.00 | Mar 21, 2025 | EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | ||
| CVE-2024-26262 | Hig | 0.57 | 8.8 | 0.01 | Feb 15, 2024 | EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands.… | ||
| CVE-2025-11672 | Med | 0.34 | 5.3 | 0.00 | Oct 13, 2025 | Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names. | ||
| CVE-2025-11671 | Med | 0.34 | 5.3 | 0.00 | Oct 13, 2025 | Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses. | ||
| CVE-2024-26263 | Med | 0.34 | 5.3 | 0.00 | Feb 15, 2024 | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. |
- risk 0.64cvss 9.8epss 0.01
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database…
- risk 0.57cvss 8.8epss 0.00
EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
- risk 0.57cvss 8.8epss 0.01
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands.…
- risk 0.34cvss 5.3epss 0.00
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
- risk 0.34cvss 5.3epss 0.00
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses.
- risk 0.34cvss 5.3epss 0.00
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.