Name of the Vulnerable Software and Affected Versions:

CGM CLININET (affected versions not specified)

Description:

The issue involves a session ID leak when saving a file downloaded from CGM CLININET. The session identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. An NTFS alternate data stream (ADS) is a feature of the NTFS file system that allows files to have multiple data streams associated with them.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.