Main Vulnerability Database Vulnerabilities #VU29499

#VU29499 Authentication bypass using an alternate path or channel in OpenClinic GA - CVE-2020-14485

Published: July 3, 2020

Vulnerability identifier: #VU29499

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-14485

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenClinic GA

Software vendor:
Frank Verbeke

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exist due to improper implementation of the authentication process. A remote attacker can bypass client-side access controls or use a specially crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-20-184-01