Lucene search

[email protected]NVD:CVE-2024-6795

HistorySep 09, 2024 - 8:15 p.m.

CVE-2024-6795

2024-09-0920:15:05

CWE-89

[email protected]

web.nvd.nist.gov

connex health portal

sql injection

unauthorized access

crafted payload

database manipulation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal’s database.

An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content

and/or perform administrative operations including shutting down the database.

Affected configurations

Nvd

Node

baxterconnex_health_portalRange<2024-08-30

VendorProductVersionCPE
baxterconnex_health_portal*cpe:2.3:a:baxter:connex_health_portal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baxter	connex_health_portal	*	cpe:2.3:a:baxter:connex_health_portal::::::::

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for NVD:CVE-2024-6795

cve1 vulnrichment1 cvelist1 ics1