SQL Injection Vulnerability in Philips Healthcare Tasy EMR
CVE-2021-39375

8.8HIGH

Key Information:

Vendor: Philips
Status: Tasy Electronic Medical Record
Vendor: CVE Published:; 24 August 2021

Summary

A SQL injection vulnerability exists in the Philips Healthcare Tasy Electronic Medical Record (EMR) version 3.06. This vulnerability is introduced through the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter, allowing attackers to manipulate SQL queries. Exploiting this flaw could potentially enable unauthorized access to sensitive data stored in the EMR system, posing serious risks to patient privacy and data integrity.

References

https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 24, 2021
Vulnerability Reserved
Aug 23, 2021