CVE-2020-14485

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-14485

CWE

https://cwe.mitre.org/data/definitions/288.html

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name	Vendor	Start Version	End Version
Openclinic_ga	Openclinic_ga_project	5.09.02 (including)	5.09.02 (including)
Openclinic_ga	Openclinic_ga_project	5.89.05b (including)	5.89.05b (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/665.html

References

https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01

Authentication Bypass Using an Alternate Path or Channel

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References