CVE-2024-23747

Exploit

EPSS 0.98%
Veröffentlicht 29.01.2024 14:15:09
Zuletzt bearbeitet 21.11.2024 08:58:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Modernasistemas ≫ Modernanet Hospital Management System 2024 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.98%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/louiselalanne/CVE-2024-23747

Third Party Advisory

Exploit

https://modernasistemas.com.br/sitems/

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-23747

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23747

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23747

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-23747