Описание
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mieweb:enterprise_health:rc202403:*:*:*:*:*:*:*
cpe:2.3:a:mieweb:enterprise_health:rc202409:*:*:*:*:*:*:*
cpe:2.3:a:mieweb:enterprise_health:rc202503:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00016
Низкий
3.3 Low
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-1295
Связанные уязвимости
CVSS3: 3.3
github
4 месяца назад
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.
EPSS
Процентиль: 3%
0.00016
Низкий
3.3 Low
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-1295