HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities.
08569aaf8d9ee2326579f45288b32f5dc1f2f9623687358b993634b1d5424d28
HAWKI version 1.0.0-beta.1 before commit 146967f suffers from cross site scripting, arbitrary file overwrite, and session fixation vulnerabilities.
dfca73f84c2fb3bf8edc1b2f48f75be2dbaaae19ce18c9d800d8ca4a7c98f67a