PT-2024-20054 · Moderna Sistemas · Modernanet Hospital Management System
Louiselalanne · Published 2024-01-29 · Updated 2024-02-02 · CVE-2024-23747
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Moderna Sistemas ModernaNet Hospital Management System version 2024
Description
The system is susceptible to an issue that allows unauthorized access to sensitive medical information. This is due to the handling of user data access through the "/Modernanet/LAUDO/LAU0000100/Laudo?id=" API endpoint. By manipulating the id parameter, an attacker can gain access to sensitive information.
Recommendations
For Moderna Sistemas ModernaNet Hospital Management System version 2024, consider restricting access to the "/Modernanet/LAUDO/LAU0000100/Laudo?id=" API endpoint to minimize the risk of exploitation. Avoid using the id parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Modernanet Hospital Management System
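
While access to the endpoint named in the Recommendations is being restricted, web access logs can be checked for clients that successfully read many distinct id values from it. The following is an added example, not part of the advisory or the vendor's code; the access-log layout, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Endpoint path from the advisory, lowercased for case-insensitive matching.
LAUDO_PATH = "/modernanet/laudo/lau0000100/laudo"

# Assumption: the server writes common/combined access-log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def laudo_ids_by_client(lines):
    """Map client IP -> distinct id values it read successfully (HTTP 200)."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the request was refused
        url = urlsplit(m["target"])
        if url.path.rstrip("/").lower() != LAUDO_PATH:
            continue
        for key, value in parse_qsl(url.query):
            if key.lower() == "id":
                seen[m["ip"]].add(value)
    return seen

def flag_enumeration(lines, max_distinct_ids=3):
    """Return {ip: sorted ids} for clients above the threshold (assumed value)."""
    return {ip: sorted(ids)
            for ip, ids in laudo_ids_by_client(lines).items()
            if len(ids) > max_distinct_ids}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'198.51.100.7 - - [29/Jan/2024:10:00:0{i} +0000] '
    f'"GET /Modernanet/LAUDO/LAU0000100/Laudo?id={1001 + i} HTTP/1.1" 200 5120'
    for i in range(5)
] + [
    '203.0.113.20 - - [29/Jan/2024:10:01:00 +0000] "GET /Modernanet/LAUDO/LAU0000100/Laudo?id=2002 HTTP/1.1" 200 4801',
    '203.0.113.20 - - [29/Jan/2024:10:05:00 +0000] "GET /modernanet/laudo/lau0000100/laudo?ID=2002 HTTP/1.1" 200 4801',
    '203.0.113.20 - - [29/Jan/2024:10:06:00 +0000] "GET /Modernanet/LAUDO/LAU0000100/Laudo?id=2003 HTTP/1.1" 403 120',
    '203.0.113.20 - - [29/Jan/2024:10:07:00 +0000] "GET /favicon.ico HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} read {len(ids)} distinct reports: {', '.join(ids)}")
```

Set the threshold from normal usage of the report viewer, and note that behind a reverse proxy the first field holds the proxy's address unless the log format records the forwarded client address.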