Описание
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2025-09-19 (включая)
cpe:2.3:a:vertikalsystems:hospital_manager_backend_services:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00208
Низкий
7.5 High
CVSS3
Дефекты
CWE-497
Связанные уязвимости
CVSS3: 7.5
github
3 месяца назад
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.
EPSS
Процентиль: 43%
0.00208
Низкий
7.5 High
CVSS3
Дефекты
CWE-497