12 matches found
CVE-2025-61959
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
EUVD-2025-36741
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
CVE-2025-54459
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
CVE-2025-61959
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
CVE-2025-61959
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
CVE-2025-61959
The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...
CVE-2025-54459 Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
CVE-2025-54459
Vulnerability summary: CVE-2025-54459 affects the Hospital Manager Backend Services (Vertikal Systems), where the ASP.NET tracing endpoint /trace.axd was exposed without authentication before 19 September 2025. This allowed remote attackers to obtain live request traces and sensitive data such as...
CVE-2025-54459 Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
PT-2025-44350
Name of the Vulnerable Software and Affected Versions Hospital Manager Backend Services versions prior to September 19, 2025 Description The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the ''WebResource.axd'' endpoint. These error pages revealed...
PT-2025-44349
Name of the Vulnerable Software and Affected Versions Hospital Manager Backend Services versions prior to September 19, 2025 Description The Hospital Manager Backend Services exposed the ASP.NET tracing endpoint ''/trace.axd'' without authentication before September 19, 2025. This allowed a remot...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-301-01 Schneider Electric EcoStruxure ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services...