446 matches found
CVE-2025-30035
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2025-58405
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into...
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2025-30042
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
CVE-2025-30035
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2025-10350
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
CVE-2025-58406
Technical details about CVE-2025-58406 are not provided in the supplied documents. For CGM CLININET, specifics such as affected versions, root cause, and fixes are not disclosed here; monitor for updates.
EUVD-2025-208152
The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...
CVE-2025-30035 Lack of API authentication allowing session generation for any user
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2025-30035 Lack of API authentication allowing session generation for any user
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2025-30035
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2025-30035
CVE-2025-30035 affects CGM CLININET: lack of API authentication allows generating a session for any user, enabling session takeover without a password. Root cause: missing auth on session creation. Impact is high across confidentiality, integrity, and availability (CVSS v4.0 base score 9.0; vecto...
CVE-2025-10350 SQL injection in CGM NETRAAD
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
CVE-2025-10350
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
EUVD-2025-208145
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
PT-2026-22577
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a security vulnerability that stems from the use of direct and continuous object identifiers called MessageID, without proper authorization checks. This vulnerability could allow attacke...
CGM NETRAAD SQL注入漏洞
CGM NETRAAD is a radiology information system and imaging archiving system developed by the German company CGM. Versions of CGM NETRAAD prior to 7.9.0 contained a SQL injection vulnerability. This vulnerability arises from handling C-FIND queries, potentially allowing unauthorized access to the...
PT-2026-22573
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a security vulnerability, which stems from the absence of necessary security HTTP headers in responses. This vulnerability may lead to client-side attacks such as clickjacking, MIME...