PT-2020-14035 · Openclinic · Openclinic Ga
Brian D. Hysell · Published 2020-07-29 · Updated 2020-07-29
CVE-2020-14487
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClinic GA version 5.09.02
Description
The issue concerns a hidden default user account in OpenClinic GA. If an administrator has not explicitly disabled this account, it may be accessed by an attacker, potentially allowing them to log in and execute arbitrary commands.
Recommendations
For OpenClinic GA version 5.09.02, ensure that the default user account is expressly turned off by an administrator to prevent potential unauthorized access.
Fix
Hidden Functionality
Weakness Enumeration
Related Identifiers
Affected Products
Openclinic Ga