PT-2022-16908 · Unknown · Openclinic Ga

Jlleitschuh · Published 2022-05-13 · Updated 2022-05-24 · CVE-2022-24830

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OpenClinica versions prior to 3.16

Description: OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). It is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write and potential remote code execution. There are no known workarounds.

Recommendations: For OpenClinica versions prior to 3.16, upgrade to version 3.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-24830
GHSA-9RRV-PRFF-QPH7

Affected Products

Openclinic Ga