CVE-2020-25172

B. Braun OnlineSuite

EPSS 2.0% | CWE-23
In short

An attacker can upload or download any file on the B. Braun OnlineSuite system without logging in, by using specially crafted file paths that navigate to unintended directories. This puts sensitive medical data at risk.

Technical detail

The vulnerability is a relative path traversal (CWE-23) in B. Braun OnlineSuite v3.0 and earlier, allowing unauthenticated file operations via improperly sanitized path inputs. An attacker can manipulate relative paths to read/write arbitrary files, bypassing access controls and directory restrictions.

Summary generated and translated by AI from the official description.
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
