Lucene search

BaxterCVE-2024-6795

HistorySep 09, 2024 - 8:15 p.m.

CVE-2024-6795

2024-09-0920:15:05

CWE-89

Baxter

web.nvd.nist.gov

connex health portal

sql injection

unauthorized access

crafted payload

database disclosure

administrative operations

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal’s database.

An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content

and/or perform administrative operations including shutting down the database.

Affected configurations

Nvd

Node

baxterconnex_health_portalRange<2024-08-30

VendorProductVersionCPE
baxterconnex_health_portal*cpe:2.3:a:baxter:connex_health_portal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baxter	connex_health_portal	*	cpe:2.3:a:baxter:connex_health_portal::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Connex Health Portal",
    "vendor": "Baxter",
    "versions": [
      {
        "lessThan": "8/30/2024",
        "status": "affected",
        "version": "0",
        "versionType": "date"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Related for CVE-2024-6795