Authentication flaw

2021-12-1519:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

CPENameOperatorVersion
welch_allyn_connex_cardioge1.0.0
welch_allyn_connex_cardiole1.1.1
welch_allyn_diagnostic_cardiology_suiteeq2.1.0
welch_allyn_hscribe_holter_analysis_system_firmwarege5.01
welch_allyn_hscribe_holter_analysis_system_firmwarele6.4.0
welch_allyn_q-stress_cardiac_stress_testing_system_firmwarege6.0.0
welch_allyn_q-stress_cardiac_stress_testing_system_firmwarele6.3.1
welch_allyn_rscribe_resting_ecg_systemge5.01
welch_allyn_rscribe_resting_ecg_systemle7.0.0
welch_allyn_vision_express_holter_analysis_systemge6.1.0

Name	Operator	Version
welch_allyn_connex_cardio	ge	1.0.0
welch_allyn_connex_cardio	le	1.1.1
welch_allyn_diagnostic_cardiology_suite	eq	2.1.0
welch_allyn_hscribe_holter_analysis_system_firmware	ge	5.01
welch_allyn_hscribe_holter_analysis_system_firmware	le	6.4.0
welch_allyn_q-stress_cardiac_stress_testing_system_firmware	ge	6.0.0
welch_allyn_q-stress_cardiac_stress_testing_system_firmware	le	6.3.1
welch_allyn_rscribe_resting_ecg_system	ge	5.01
welch_allyn_rscribe_resting_ecg_system	le	7.0.0
welch_allyn_vision_express_holter_analysis_system	ge	6.1.0