Vulnerabilities

CVE-2020-28937

by Fred · 03/12/2020

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient’s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.

Date published : 2020-12-03

https://labs.bishopfox.com/advisories/openclinic-version-0.8.2

Similar

Tags: Cybersecurity Alert