CVE-2020-14486

An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.09.02:*:*:*:*:*:*:*
cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.89.05b:*:*:*:*:*:*:*

History

21 Nov 2024, 05:03

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 6.3
References () https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 - Third Party Advisory, US Government Resource

Information

Published : 2020-07-29 14:15

Updated : 2024-11-21 05:03


NVD link : CVE-2020-14486

Mitre link : CVE-2020-14486

CVE.ORG link : CVE-2020-14486


JSON object : View

Products Affected

openclinic_ga_project

  • openclinic_ga
CWE
CWE-285

Improper Authorization

CWE-863

Incorrect Authorization