Harsh Verma

**Name of the Vulnerable Software and Affected Versions** e-Sushrut (affected versions not specified) **Description** Improper authentication logic relies on client-side response parameters to determine authentication status. A remote attacker can intercept and modify the server response to bypass authentication and gain unauthorized access to user accounts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Sushrut (affected versions not specified) **Description** Improper access control in resource access validation allows an authenticated attacker to gain unauthorized access to sensitive patient information by manipulating parameters in the API request URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Sushrut (affected versions not specified) **Description** Improper authorization checks during resource access allow an authenticated attacker to gain unauthorized access to patient accounts. This is achieved by manipulating encoded parameters within the request URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Sushrut (affected versions not specified) **Description** e-Sushrut uses reversible Base64 encoding to protect sensitive data. An authenticated attacker can decode and manipulate Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information on the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Sushrut (affected versions not specified) **Description** Sensitive information and hardcoded AES (Advanced Encryption Standard, a symmetric block cipher used for encrypting and decrypting data) encryption keys are disclosed in client-side JavaScript. An unauthenticated remote attacker can access the client-side code to extract these cryptographic keys and sensitive data, potentially compromising the system's cryptographic protections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.