Description
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
References
- Third Party Advisory
- Product
Vulnerable configurations
Configuration 1: versions before 2025.ms4 (exclusive)
cpe:2.3:a:cgm:clininet:*:*:*:*:*:*:*:*
EPSS: 0.0004 (Low), percentile: 12%
CVSS3: 7.5 High
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 7.5
github
about 1 month ago
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.