Lucene search

BaxterVULNRICHMENT:CVE-2024-6795

HistorySep 09, 2024 - 7:24 p.m.

CVE-2024-6795 Vulnerability in Baxter Connex Health Portal

2024-09-0919:24:01

CWE-89

Baxter

github.com

cve-2024-6795

connex health portal

sql injection

unauthorized access

database modification

administrative operations

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal’s database.

An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content

and/or perform administrative operations including shutting down the database.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:hillrom:connex_health_portal:*:*:*:*:*:*:*:*"
    ],
    "vendor": "hillrom",
    "product": "connex_health_portal",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "8.30.2024",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6795