NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product.
Metrics
Affected Vendors & Products
Solution
The vendor has stated that WebEIP v3.0 has been released for over 15 years and is no longer supported or maintained. It is recommended to upgrade to the new WebEIP Pro product.
Workaround
No workaround given by the vendor.
Sat, 19 Oct 2024 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Newtype
Newtype webeip |
|
CPEs | cpe:2.3:a:newtype:webeip:3.0:*:*:*:*:*:*:* | |
Vendors & Products |
Newtype
Newtype webeip |
Tue, 15 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
New Type
New Type webeip |
|
CPEs | cpe:2.3:a:new_type:webeip:*:*:*:*:*:*:*:* | |
Vendors & Products |
New Type
New Type webeip |
|
Metrics |
ssvc
|
Tue, 15 Oct 2024 03:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product. | |
Title | NewType WebEIP v3.0 - SQL injection | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: twcert
Published:
Updated: 2024-10-15T13:39:38.622Z
Reserved: 2024-10-15T01:57:19.889Z
Link: CVE-2024-9968

Updated: 2024-10-15T13:39:29.765Z

Status : Analyzed
Published: 2024-10-15T03:15:02.360
Modified: 2024-10-19T00:42:13.957
Link: CVE-2024-9968

No data.

No data.