2 matches found
CVE-2025-8306
CVE-2025-8306 affects Asseco InfoMedica. A low-privilege user can obtain encoded passwords of other accounts due to weak access control, enabling chained Privilege Escalation with CVE-2025-8307. Affected versions are fixed in 4.50.1 and 5.38.0. The linked advisories describe an improper access-co...
CVE-2025-8306 Improper Access Control in Asseco Infomedica Plus
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts including main administrator due to lack of granularity in access control. Chained...