CVE-2020-14485

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-14485

CWE

https://cwe.mitre.org/data/definitions/288.html

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name	Vendor	Start Version	End Version
Openclinic_ga	Openclinic_ga_project	5.09.02 (including)	5.09.02 (including)
Openclinic_ga	Openclinic_ga_project	5.89.05b (including)	5.89.05b (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/665.html

References

https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01

Authentication Bypass Using an Alternate Path or Channel

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References