← volver
CVE-2024-50589

Unprotected FHIR API

CVSS 7.5 HIGHEPSS 0.6%CWE-306
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
HASOMED · Elefant

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2024/Nov/3https://hasomed.de/produkte/elefant/https://r.sec-consult.com/hasomed