Unauthorized Access to Connex Portal's Database via SQL Injection Vulnerabilities
CVE-2024-6795

9.8CRITICAL

Key Information:

Vendor: Baxter
Status: Connex Health Portal
Vendor: CVE Published:; 9 September 2024

What is CVE-2024-6795?

In the Connex Health Portal released prior to August 30, 2024, SQL injection vulnerabilities were identified that could enable an unauthenticated attacker to access sensitive database information. By submitting specially crafted payloads, an attacker could potentially manipulate or disclose database content, as well as perform critical administrative actions including shutting down the database. This exposes the portal to serious security risks, affecting both data integrity and availability.

Affected Version(s)

Connex Health Portal 0 < 8/30/2024

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Jul 16, 2024

Baxter

What is CVE-2024-6795?

Affected Version(s)

References

CVSS V3.1

Timeline