Philips Healthcare · Philips Healthcare Tasy Electronic Medical Record · CVE-2021-39375
Name of the Vulnerable Software and Affected Versions:
Philips Healthcare Tasy Electronic Medical Record (EMR) version 3.06
Description:
The issue allows SQL injection via specific parameters. For the WAdvancedFilter/getDimensionItemsByCode endpoint, the `FilterValue` parameter is vulnerable. Additionally, the CorCad_F2/executaConsultaEspecifico endpoint is affected, specifically the `IE_CORPO_ASSIST` or `CD_USUARIO_CONVENIO` parameters.
Recommendations:
For version 3.06, consider restricting access to the WAdvancedFilter/getDimensionItemsByCode endpoint and the CorCad_F2/executaConsultaEspecifico endpoint to minimize the risk of exploitation. Avoid using the `FilterValue` parameter in the WAdvancedFilter/getDimensionItemsByCode endpoint and the `IE_CORPO_ASSIST` or `CD_USUARIO_CONVENIO` parameters in the CorCad_F2/executaConsultaEspecifico endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.