CVE-2020-14485

Critical

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to…

icscert·CWE-288·Published 2020-07-20

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

244 chars

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

NVDen

244 chars

NVDes

306 chars

OpenClinic GA versiones 5.09.02 y 5.89.05b, pueden permitir a un atacante omitir los controles de acceso del lado del cliente o usar una petición diseñada para iniciar una sesión con una funcionalidad limitada, lo que puede permitir una ejecución de funcionalidades administrativas tales como consultas SQL

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H