CVE-2024-50589
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HASOMED | Elefant | <24.04.00 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
While workarounds such as modifying the Elefant windows firewall rules and manually adjusting file permissions in the installation folder are feasible workarounds for some of the vulnerabilities, it is recommended to install the patches provided by the vendor.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.