Lucene search

BaxterCVELIST:CVE-2024-6795

HistorySep 09, 2024 - 7:24 p.m.

CVE-2024-6795 Vulnerability in Baxter Connex Health Portal

2024-09-0919:24:01

CWE-89

Baxter

www.cve.org

cve-2024-6795

baxter connex

health portal

sql injection

unauthorized access

database disclosure

administrative operations

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal’s database.

An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content

and/or perform administrative operations including shutting down the database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Connex Health Portal",
    "vendor": "Baxter",
    "versions": [
      {
        "lessThan": "8/30/2024",
        "status": "affected",
        "version": "0",
        "versionType": "date"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for CVELIST:CVE-2024-6795