Описание
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до lpi_3.5.12.p30 (исключая)
cpe:2.3:a:lifepoint:patient_portal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00149
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-288
CWE-287
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.
EPSS
Процентиль: 36%
0.00149
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-288
CWE-287