CVE-2022-2272

Name of the Vulnerable Software and Affected Versions Sante PACS Server version 3.0.4

Description This issue allows remote attackers to bypass authentication on affected installations. The flaw exists within the processing of calls to the "login endpoint". When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this issue to bypass authentication on the system.

Recommendations For Sante PACS Server version 3.0.4, consider disabling the login endpoint until a patch is available to prevent exploitation. Restrict access to the SQL query construction process to minimize the risk of authentication bypass. Avoid using the username element in the affected login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.