PT-2026-1958 · Asseco · Asseco Infomedica
Maciej Kazulak
·
Publicado
2026-01-08
·
Atualizado
2026-01-08
·
CVE-2025-8306
CVSS v4.0
5.1
Média
| Vetor | AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Asseco InfoMedica versions prior to 4.50.1
Asseco InfoMedica versions prior to 5.38.0
Description
Asseco InfoMedica is a solution for managing administrative and medical tasks in the healthcare sector. A user with low privileges can obtain encoded passwords for all accounts, including those with administrative privileges, due to insufficient access control granularity. Exploiting this issue, in combination with another issue, can lead to privilege escalation.
Recommendations
Update to version 4.50.1 or later.
Update to version 5.38.0 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asseco Infomedica