PT-2026-1958 · Asseco · Asseco Infomedica
Maciej Kazulak
·
Published
2026-01-08
·
Updated
2026-01-08
·
CVE-2025-8306
CVSS v4.0
5.1
Medium
| Vector | AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Asseco InfoMedica versions prior to 4.50.1
Asseco InfoMedica versions prior to 5.38.0
Description
Asseco InfoMedica is a solution for managing administrative and medical tasks in the healthcare sector. A user with low privileges can obtain encoded passwords for all accounts, including those with administrative privileges, due to insufficient access control granularity. Exploiting this issue, in combination with another issue, can lead to privilege escalation.
Recommendations
Update to version 4.50.1 or later.
Update to version 5.38.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asseco Infomedica