Unknown · Epa4All-Client · CVE-2026-47672
**Name of the Vulnerable Software and Affected Versions**
epa4all-client versions prior to 1.2.5
**Description**
Any network-reachable caller can write arbitrary documents into the electronic health record (ePA) of any patient that the institution's SMC-B card can access. In misconfigured deployments, such as one that follows the production Docker example in the README, the service port is reachable from the local network and the write endpoint can be exploited without credentials.
**Recommendations**
Update to version 1.2.5 or later.
Enforce service-to-service authentication in front of the service with mTLS (mutual TLS, where client and server each present and verify a certificate): use network policies to block every other source and a proxy or ingress that terminates the mTLS handshake.
Run the service in an isolated network namespace so that only its intended consumer can reach it, for example as a sidecar container inside the consumer's Kubernetes pod, listening on the pod-local loopback interface and never exposed as a Service.
Alternatively, run it behind a service mesh and add mesh policies that require mTLS and allow only the workload identities of the intended callers.
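The three recommendations above combined into one Kubernetes deployment, as an added example that is not part of this advisory or of the epa4all-client project. It assumes a namespace `ehr`, pod labels `app=epa4all-client` and `app=ehr-frontend`, a caller service account `ehr-frontend`, a listening port of 8080, and Istio as the mesh; all of these are placeholders to adapt to the real deployment.

```yaml
# Added example (not part of the advisory or the epa4all-client project):
# Kubernetes NetworkPolicy plus Istio policies that restrict access to an
# epa4all-client deployment. Assumed names: namespace "ehr", pod labels
# app=epa4all-client and app=ehr-frontend, service account "ehr-frontend",
# listening port 8080. Adjust them to your deployment.
---
# 1. Network layer: selecting the client pods with an Ingress policy makes
#    them default-deny for ingress; the single rule then re-admits only the
#    frontend pods in the same namespace, and only on the service port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: epa4all-client-ingress
  namespace: ehr
spec:
  podSelector:
    matchLabels:
      app: epa4all-client
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: ehr-frontend
      ports:
        - protocol: TCP
          port: 8080
---
# 2. Mesh layer (Istio assumed): require mTLS for every connection to the
#    client pods, so plaintext callers without a mesh certificate are
#    rejected at the sidecar before they reach the application.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: epa4all-client-mtls
  namespace: ehr
spec:
  selector:
    matchLabels:
      app: epa4all-client
  mtls:
    mode: STRICT
---
# 3. Mesh layer: mTLS alone admits any mesh workload, so additionally allow
#    only the frontend's SPIFFE identity. Once an AuthorizationPolicy
#    selects a workload, every request not matched by an ALLOW rule is
#    denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: epa4all-client-callers
  namespace: ehr
spec:
  selector:
    matchLabels:
      app: epa4all-client
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/ehr/sa/ehr-frontend
      to:
        - operation:
            ports: ["8080"]
```

Two caveats when applying this. A NetworkPolicy is only enforced if the cluster's CNI plugin supports it; on a CNI that does not, the object is accepted and silently ignored, so verify with a test pod outside the allowed selector that connections are actually refused. For the plain Docker deployment the advisory mentions, the equivalent of the network-layer rule is to not publish the port at all (attach the container to an internal network shared only with its consumer) or, if a host port is needed, to bind it to the loopback interface (`127.0.0.1:8080:8080`) rather than all interfaces.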