Vulnerabilities in CGM

25 results
CVE-2025-30057 | CRITICAL | Authenticated RCE with uhcapache privileges in ConvertToPDF | EPSS 0.7%
CVE-2025-30044 | CRITICAL | RCE on uhcapache user permissions | EPSS 0.5%
CVE-2025-30048 | MEDIUM | Unauthenticated access to module configuration endpoint | EPSS 0.2%
CVE-2025-30037 | HIGH | Missing authentication in APIs allowing data retrieval and modification | EPSS 0.2%
CVE-2025-2313 | CRITICAL | RCE via Print.pl in uhcPrintServerPrint | EPSS 0.2%
CVE-2025-30056 | CRITICAL | Calling system commands via RunCommand | EPSS 0.2%
CVE-2025-30055 | CRITICAL | Conditional RCE via the "system" function | EPSS 0.2%
CVE-2025-58402 | HIGH | Insecure Direct Object Reference Message ID | EPSS 0.2%
CVE-2025-30035 | CRITICAL | Lack of API authentication allowing session generation for any user | EPSS 0.2%
CVE-2025-30060 | MEDIUM | SQL injection in ReturnUserUnitsXML.pl via the UserID parameter | EPSS 0.2%
CVE-2025-30061 | MEDIUM | SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter | EPSS 0.2%
CVE-2025-30058 | MEDIUM | SQL injection in getPatientIdentifier function of PatientService.pl | EPSS 0.2%
CVE-2025-30059 | MEDIUM | Authenticated SQL injection in PrepareCDExportJSON.pl | EPSS 0.2%
CVE-2025-30062 | MEDIUM | SQL injection in CheckUnitCodeAndKey.pl | EPSS 0.2%
CVE-2025-10350 | HIGH | SQL injection in CGM NETRAAD | EPSS 0.2%
CVE-2025-58406 | MEDIUM | Lack of HTTP Response Headers | EPSS 0.2%
CVE-2025-58405 | MEDIUM | Lack of protection mechanisms against Clickjacking attacks | EPSS 0.2%
CVE-2025-30040 | CRITICAL | Missing authentication in API returning request logs containing session IDs | EPSS 0.2%
CVE-2025-30041 | CRITICAL | Missing authentication in APIs returning statistical data along with session IDs | EPSS 0.2%
CVE-2025-30039 | CRITICAL | Missing authentication in API returning a list of all active sessions | EPSS 0.2%