7 matches found
CVE-2019-5644
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...
CVE-2019-5643
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation...
Improper access control
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation...
Improper access control
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...
CVE-2019-5643
CVE-2019-5643 affects Computing For Good’s Basic Laboratory Information System (C4G BLIS) up to version 3.5. The issue is CWE-284 (Improper Access Control). An unauthenticated user could enumerate usernames and facility names on a targeted installation. The Connected documents confirm the vulnera...
CVE-2019-5644
CVE-2019-5644 affects Computing For Good’s Basic Laboratory Information System (C4G BLIS) b3.5 and earlier. The issue is CWE-284 Improper Access Control, leading to an unauthenticated user potentially altering user accounts, including promoting a user to administrator. The vulnerability is rooted...
CVE-2019-5617
CVE-2019-5617 affects Computing For Good’s Basic Laboratory Information System (BLIS) v3.4 and earlier. The root cause is CWE-284, Improper Access Control, allowing an unauthenticated user to change the password of any administrator‑level user via a network attack. The CVSS‑3.1 vector (AV:N/AC:L/...