exploitDog

CVE-2024-23747

Опубликовано: 29 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Ссылки

https://github.com/louiselalanne/CVE-2024-23747
Exploit
Third Party Advisory
https://modernasistemas.com.br/sitems/
Product
https://github.com/louiselalanne/CVE-2024-23747
Exploit
Third Party Advisory
https://modernasistemas.com.br/sitems/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:modernasistemas:modernanet_hospital_management_system_2024:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00752

Низкий

7.5 High

CVSS3

Дефекты

CWE-639

CWE-639

Связанные уязвимости

GHSA-257p-qfc7-7ff5

CVSS3: 7.5

github

около 2 лет назад

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

EPSS

Процентиль: 73%

0.00752

Низкий

7.5 High

CVSS3

Дефекты

CWE-639

CWE-639