CVE-2020-14487

Published: Jul 29, 2020Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands.

Affected (1)

Products: Freemedsoftware: Openclinic Ga

Freemedsoftware

1 product

Openclinic Ga

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freemedsoftware Openclinic Ga	Version 5.09.02

Related CWEs

CWE-912

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (2)

https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.