10 matches found
CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...
CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...
CVE-2026-42516 Broken Access Control Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...
CVE-2026-42515
CVE-2026-42515 is an IDOR vulnerability in the e-Sushrut HMIS. Improper access control in resource access validation allows an authenticated attacker to manipulate a URL parameter in the API request to gain unauthorized access to patients’ sensitive information. The CVSS 4.0 base score is 7.1 (HI...
CVE-2026-42515 Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...
CVE-2026-42514 Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...
CVE-2026-42514
CVE-2026-42514 affects e-Sushrut HMIS. The issue is exposure of OTPs in plaintext within API responses, enabling a remote attacker to intercept responses containing valid OTPs. If exploited, an attacker could impersonate a target user and gain unauthorized access to user accounts. Metrics indicat...
CVE-2026-42514 Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...
CVE-2026-42513
CVE-2026-42513 affects e-Sushrut HMIS. The vulnerability stems from improper authentication logic that relies on client-side response parameters to determine login status, enabling a remote attacker to intercept and modify server responses to bypass authentication and gain unauthorized access to ...
CVE-2026-42513 Authentication Bypass Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...