CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-2286

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile12.17th
Published2005年7月18日
Last Modified2026年4月16日

Vulnerability Description

WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.

Affected Platforms (CPE)

📦
Esi Products

Webeoc

<= 6.0.1

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/258834
🔗 http://www.kb.cert.org/vuls/id/JGEI-6BWLWG
🔗 http://www.kb.cert.org/vuls/id/258834
🔗 http://www.kb.cert.org/vuls/id/JGEI-6BWLWG

関連する脆弱性情報

CVE-2005-22847.5

Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack v...

CVE-2005-22817.5

WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.

CVE-2005-40295.0

WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could...

CVE-2005-22855.0

WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remot...