CVE-2021-44160

January 10, 2022

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.

Summary:

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.

Reference Links(if available):

  • https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html

  • CVSS Score (if available)

    v2: / HIGH

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    alerts

    Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

    April 25, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

    April 25, 2024
    hkcert

    Cisco Products Multiple Vulnerabilities

    April 25, 2024
    HIBP Banner 1

    T2 – 94,584 breached accounts

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 25, 2024