Vulnerabilities > CVE-2015-6538 - Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ephiphanyheathdata

critical

NVD

Published: 2015-12-27

Updated: 2015-12-28

Summary

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

Vulnerable Configurations

Part	Description	Count
Application	Ephiphanyheathdata Ephiphanyheathdata Cardio Server 3.3 Ephiphanyheathdata Cardio Server 4.0 Ephiphanyheathdata Cardio Server 4.1	3

References

http://www.epiphanyhealthdata.com/blog/certresponse
https://www.kb.cert.org/vuls/id/630239