Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.
Published: 2025-09-29
Updated: 2026-01-02
Base Score: 4.9
Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N
Severity: Medium
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: Medium
Base Score: 4.6
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Severity: Medium
EPSS: 0.00012