CVE-2023-40278

Опубликовано: 19 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.

Ссылки

https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md
Exploit
Third Party Advisory
https://sourceforge.net/projects/open-clinic/
Product
https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md
Exploit
Third Party Advisory
https://sourceforge.net/projects/open-clinic/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.247.01:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.11703

Средний

7.5 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-r6v7-852g-qprq