【Vulnerability Alert】NewType Infortech WebEIP v3.0 - Major Security Vulnerability (CVE-2024-9968)

Publish date: 2024-10-22
Update date: 2024-10-22

Source: Ministry of Education Information & Communication Security Contingency Platform

Publication Number: TACERT-ANA-2024101809103636
Publication Time: 2024/10/18 09:47
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2024/10/16 09:47
Impact Level: Medium
[Subject]
【Vulnerability Alert】NewType Infortech WebEIP v3.0 - Major Security Vulnerability (CVE-2024-9968)
[Content]
Forwarded from TWCERTCC-200-202410-00000004

TWCERT/CC released TVN-202410005, CVE-2024-9968 (CVSS: 8.8 Critical) on 2024-10-15. NewType Infortech WebEIP v3.0 does not properly validate user input, which allows remote attackers with general privileges to inject SQL commands and potentially read, modify, and delete database content. The affected product is no longer maintained, and it is recommended to switch to a newer version.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
WebEIP v3.0
[Recommended Actions]
The vendor stated that WebEIP v3.0 has been out for more than 15 years and is no longer supported or maintained. It is recommended to upgrade to the WebEIP Pro version.
[Reference]
NewType Infortech WebEIP v3.0 - SQL Injection: https://www.twcert.org.tw/tw/cp-132-8132-160bb-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center