Multiple vulnerabilities in OpenClinic GA



Published: 2020-07-03
Risk High
Patch available NO
Number of vulnerabilities 12
CVE-ID CVE-2020-14485
CVE-2020-14484
CVE-2020-14494
CVE-2020-14491
CVE-2020-14493
CVE-2020-14488
CVE-2020-14490
CVE-2020-14486
CVE-2020-14492
CVE-2020-14495
CVE-2020-14489
CVE-2020-14487
CWE-ID CWE-288
CWE-307
CWE-287
CWE-862
CWE-77
CWE-434
CWE-22
CWE-285
CWE-79
CWE-94
CWE-522
CWE-912
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
OpenClinic GA
Web applications / CMS

Vendor Frank Verbeke

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU29499

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14485

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.  

The vulnerability exist due to improper implementation of the authentication process. A remote attacker can bypass client-side access controls or use a specially crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU29500

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14484

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to the system.

The vulnerability exists due to the authentication mechanism has no brute-force prevention. A remote attacker can bypass the system’s account lockout protection, perform a brute-force authentication attack and gain access to the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Authentication

EUVDB-ID: #VU29501

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14494

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can perform a brute-force attack, bypass authentication process and gain unauthorized access to the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authorization

EUVDB-ID: #VU29502

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14491

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected system does not properly check permissions before executing SQL queries. A remote authenticated attacker can gain access to privileged information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command Injection

EUVDB-ID: #VU29503

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14493

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote authenticated attacker can use SQL syntax to write arbitrary files to the server, which may allow the execution of arbitrary commands. 

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Arbitrary file upload

EUVDB-ID: #VU29504

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14488

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated attacker can upload a malicious file and execute it on the server.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Path traversal

EUVDB-ID: #VU29505

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14490

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system or execute arbitrary files.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper Authorization

EUVDB-ID: #VU29506

Risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14486

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to improper authorization. A remote authenticated attacker can bypass authorization checks by ignoring the redirect of a permission failure, leading to unauthorized execution of commands.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

EUVDB-ID: #VU29507

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14492

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Code Injection

EUVDB-ID: #VU29508

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14495

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected system contains third-party software versions that are end-of-life and contain known vulnerabilities. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Insufficiently protected credentials

EUVDB-ID: #VU29509

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14489

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected system stores passwords using inadequate hashing complexity. A local attacker can recover passwords using known password cracking techniques..

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Hidden functionality

EUVDB-ID: #VU29510

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14487

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic GA: 5.09.02, 5.89.05 b

CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsma-20-184-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###