Lucene search

[email protected]NVD:CVE-2024-37999

HistoryJul 08, 2024 - 11:15 a.m.

CVE-2024-37999

2024-07-0811:15:10

CWE-282

[email protected]

web.nvd.nist.gov

vulnerability

medicalis workflow orchestrator

privileges escalation

network access

authenticated attacker

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.2%

JSON

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.

Affected configurations

Nvd

Node

siemensmedicalis_workflow_orchestrator

VendorProductVersionCPE
siemensmedicalis_workflow_orchestrator*cpe:2.3:a:siemens:medicalis_workflow_orchestrator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	medicalis_workflow_orchestrator	*	cpe:2.3:a:siemens:medicalis_workflow_orchestrator::::::::

References

www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-37999

cvelist1 vulnrichment1 cve1