PT-2017-6768 · Eclinicalworks · Eclinicalworks Population Health
Jerold Hoong
·
Publicado
2017-01-10
·
Atualizado
2019-03-13
·
CVE-2015-4594
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
eClinicalWorks Population Health (CCMR) (affected versions not specified)
Description
The issue concerns a session fixation problem. When a user is authenticated, the application fails to assign a new session ID. This allows for the use of an existing session ID.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Session Fixation
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Eclinicalworks Population Health