Vulnerabilities > CVE-2015-6538 - Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ephiphanyheathdata

NVD

Published: 2015-12-27

Updated: 2015-12-28

Summary

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. <a href="https://cwe.mitre.org/data/definitions/90.html">CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')</a>

Vulnerable Configurations

Part	Description	Count
Application	Ephiphanyheathdata Ephiphanyheathdata Cardio Server 3.3 Ephiphanyheathdata Cardio Server 4.0 Ephiphanyheathdata Cardio Server 4.1	3

References

http://www.epiphanyhealthdata.com/blog/certresponse
https://www.kb.cert.org/vuls/id/630239