Vulnerabilities > CVE-2024-23747 - Authorization Bypass Through User-Controlled Key vulnerability in Modernasistemas Modernanet Hospital Management System 2024

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

modernasistemas

CWE-639

NVD

Published: 2024-01-29

Updated: 2024-02-02

Summary

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Vulnerable Configurations

Part	Description	Count
Application	Modernasistemas Modernasistemas Modernanet Hospital Management System 2024 -	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References