CVE-2025-30035
Lack of API authentication allowing session generation for any user
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
CGM · CGM CLININETQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →