PT-2025-34844 · Cgm · Cgm Clininet
Maciej Kazulak
·
Published
2025-08-27
·
Updated
2025-08-27
·
CVE-2025-30037
CVSS v4.0
8.8
High
| Vector | AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
(affected versions not specified)
Description:
The system exposes several endpoints, typically including
/int/ in their path, that should be restricted to internal services but are publicly accessible without authentication to any host able to reach the application server on port 443/tcp.Recommendations:
Restrict access to internal services to prevent unauthorized access via the exposed endpoints.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cgm Clininet