PT-2024-20054 · Moderna Sistemas · Modernanet Hospital Management System

Louiselalanne · Published 2024-01-29 · Updated 2024-02-02 · CVE-2024-23747

CVSS v3.1: 7.5 (Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Name of the Vulnerable Software and Affected Versions:

Moderna Sistemas ModernaNet Hospital Management System version 2024

Description:

The system is susceptible to an insecure direct object reference (IDOR) that allows unauthorized access to sensitive medical information. The cause is the way the "/Modernanet/LAUDO/LAU0000100/Laudo?id=" API endpoint handles access to user data: by manipulating the `id` parameter, an attacker can gain access to sensitive information.

Recommendations:

For Moderna Sistemas ModernaNet Hospital Management System version 2024, consider restricting access to the "/Modernanet/LAUDO/LAU0000100/Laudo?id=" API endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers:

CVE-2024-23747

Affected Products:

Modernanet Hospital Management System