CVE-2021-44160

Carinal Tien Hospital Health Report System - Authorization Bypass Through User-Controlled Key

CVSS 7.3 HIGHEPSS 1.1%CWE-639

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.3EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 Dec 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Carinal Tien Hospital · Health Report System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html