CVE-2021-44160

Published: Dec 29, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: twcert@cert.org.tw (Secondary)

Description

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.

Affected (1)

Products: Cth: Carinal Tien Hospital Health Report System

1 product

Carinal Tien Hospital Health Report System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cth Carinal Tien Hospital Health Report System	All versions

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.