SB2020070308 - Multiple vulnerabilities in OpenClinic GA

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020070308

SB2020070308 - Multiple vulnerabilities in OpenClinic GA

Published: July 3, 2020

Security Bulletin ID SB2020070308
Severity
High
Patch available
NO
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 58% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2020-14485)

The vulnerability allows a remote attacker to bypass authentication process.  

The vulnerability exist due to improper implementation of the authentication process. A remote attacker can bypass client-side access controls or use a specially crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.


2) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2020-14484)

The vulnerability allows a remote attacker to gain access to the system.

The vulnerability exists due to the authentication mechanism has no brute-force prevention. A remote attacker can bypass the system’s account lockout protection, perform a brute-force authentication attack and gain access to the target system.


3) Improper Authentication (CVE-ID: CVE-2020-14494)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can perform a brute-force attack, bypass authentication process and gain unauthorized access to the application.


4) Missing Authorization (CVE-ID: CVE-2020-14491)

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected system does not properly check permissions before executing SQL queries. A remote authenticated attacker can gain access to privileged information.


5) Command Injection (CVE-ID: CVE-2020-14493)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote authenticated attacker can use SQL syntax to write arbitrary files to the server, which may allow the execution of arbitrary commands. 


6) Arbitrary file upload (CVE-ID: CVE-2020-14488)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated attacker can upload a malicious file and execute it on the server.


7) Path traversal (CVE-ID: CVE-2020-14490)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system or execute arbitrary files.


8) Improper Authorization (CVE-ID: CVE-2020-14486)

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to improper authorization. A remote authenticated attacker can bypass authorization checks by ignoring the redirect of a permission failure, leading to unauthorized execution of commands.


9) Cross-site scripting (CVE-ID: CVE-2020-14492)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


10) Code Injection (CVE-ID: CVE-2020-14495)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected system contains third-party software versions that are end-of-life and contain known vulnerabilities. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


11) Insufficiently protected credentials (CVE-ID: CVE-2020-14489)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected system stores passwords using inadequate hashing complexity. A local attacker can recover passwords using known password cracking techniques..


12) Hidden functionality (CVE-ID: CVE-2020-14487)

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References