CVE-2024-50589

high

Description

An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).

References

https://r.sec-consult.com/hasomed

https://hasomed.de/produkte/elefant/

http://seclists.org/fulldisclosure/2024/Nov/3

Details

Source: Mitre, NVD

Published: 2024-11-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N