An unauthenticated attacker with access to the local network of the
medical office can query an unprotected Fast Healthcare Interoperability
Resources (FHIR) API to get access to sensitive electronic health
records (EHR).
References
Configurations
No configuration.
History
08 Nov 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
08 Nov 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-08 12:15
Updated : 2024-11-08 19:01
NVD link : CVE-2024-50589
Mitre link : CVE-2024-50589
CVE.ORG link : CVE-2024-50589
JSON object : View
Products Affected
No product.
CWE
CWE-306
Missing Authentication for Critical Function