← voltar
CVE-2024-50589

Unprotected FHIR API

CVSS 7.5 HIGHEPSS 0.6%CWE-306
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
HASOMED · Elefant

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://seclists.org/fulldisclosure/2024/Nov/3https://hasomed.de/produkte/elefant/https://r.sec-consult.com/hasomed