Aditi Shah

**Name of the Vulnerable Software and Affected Versions** Computing For Good's Basic Laboratory Information System (C4G BLIS) versions 3.4 and earlier **Description** The issue is related to improper access control, allowing an unauthenticated user to change the password of any administrator-level user. **Recommendations** For versions 3.4 and earlier, update to a version that contains a fix for this issue to prevent unauthorized password changes for administrator-level users.

**Name of the Vulnerable Software and Affected Versions** Computing For Good's Basic Laboratory Information System (C4G BLIS) versions 3.5 and earlier **Description** The issue is related to improper access control, allowing an unauthenticated user to enumerate user names and facility names in use on a particular installation. **Recommendations** For versions 3.5 and earlier, consider restricting access to sensitive information until a proper access control mechanism is implemented. As a temporary workaround, restrict access to the system to prevent unauthorized enumeration of user and facility names.

**Name of the Vulnerable Software and Affected Versions** Computing For Good's Basic Laboratory Information System (C4G BLIS) versions 3.5 and earlier **Description** The issue is related to improper access control, allowing an unauthenticated user to modify user account settings, including promoting any user to an administrator. **Recommendations** For versions 3.5 and earlier, update to a version that addresses the improper access control issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.