Description


An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.

Related CPE's


Could not find any relations

Weaknesses


Could not find any weaknesses

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-09-30T18:15:05.827

1 week ago

Last modified

2024-10-04T13:51:25.567

1 week ago