← Back

Cerner

cerner

7 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Medico
medico
4 CVEs
Connectivity Engine 4 Firmware
connectivity_engine_4_firmware
2 CVEs
Mobile Care
mobile_care
1 CVE
Connectivity Engine 4
connectivity_engine_4
0 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-36385
1Cerner
1Mobile Care
Jun 17, 2026
Aug 24, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary sys...Show more
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.Show less
CVE-2020-11677
1Cerner
1Medico
Jun 17, 2026
Apr 29, 2020
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).
CVE-2020-11676
1Cerner
1Medico
Jun 17, 2026
Apr 29, 2020
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).
CVE-2020-11675
1Cerner
1Medico
Jun 17, 2026
Apr 29, 2020
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).
CVE-2020-11674
1Cerner
1Medico
Jun 17, 2026
Apr 29, 2020
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Cerner medico 26.00 allows variable reuse, possibly causing data corruption.
CVE-2018-20053
1Cerner
1Connectivity Engine 4 Firmware
Nov 21, 2024
Apr 25, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file o...Show more
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.Show less
CVE-2018-20052
1Cerner
1Connectivity Engine 4 Firmware
Nov 21, 2024
Apr 25, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One examp...Show more
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.Show less