Local Privilege Escalation Vulnerability in Medicalis Workflow Orchestrator
CVE-2024-37999
7.8HIGH
Key Information
- Vendor
- Siemens
- Status
- Medicalis Workflow Orchestrator
- Vendor
- CVE Published:
- 8 July 2024
Badges
π° News Worthy
Summary
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.
Affected Version(s)
Medicalis Workflow Orchestrator 0
News Articles
prophaze.comCVE-2024-37999CVE-2024-37999 : SIEMENS MEDICALIS WORKFLOW ORCHESTRATOR IMPROPER OWNERSHIP MANAGEMENT - Cloud WAF
CVE-2024-37999 : A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access.
6 months ago
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- π°
First article discovered by prophaze.com
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database1 News Article(s)