7 matches found
CVE-2019-5644
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...
CVE-2019-5643
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation...
Improper access control
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...
Improper access control
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation...
CVE-2019-5644
CVE-2019-5644 affects Computing For Good’s Basic Laboratory Information System (C4G BLIS) b3.5 and earlier. The issue is CWE-284 Improper Access Control, leading to an unauthenticated user potentially altering user accounts, including promoting a user to administrator. The vulnerability is rooted...
CVE-2019-5643
CVE-2019-5643 affects Computing For Good’s Basic Laboratory Information System (C4G BLIS) up to version 3.5. The issue is CWE-284 (Improper Access Control). An unauthenticated user could enumerate usernames and facility names on a targeted installation. The Connected documents confirm the vulnera...
CVE-2019-5617
CVE-2019-5617 affects Computing For Good’s Basic Laboratory Information System (BLIS) v3.4 and earlier. The root cause is CWE-284, Improper Access Control, allowing an unauthenticated user to change the password of any administrator‑level user via a network attack. The CVSS‑3.1 vector (AV:N/AC:L/...