CVE-2015-6538

2015-12-2719:00:00

mitre

www.cve.org

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

References

www.epiphanyhealthdata.com/blog/certresponse

www.kb.cert.org/vuls/id/630239