CVE Vulnerabilities

CVE-2015-6538

Published: Dec 27, 2015 | Modified: Dec 28, 2015
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

Affected Software

Name Vendor Start Version End Version
Cardio_server Ephiphanyheathdata 3.3 3.3
Cardio_server Ephiphanyheathdata 4.0 4.0
Cardio_server Ephiphanyheathdata 4.1 4.1

References