Unauthorized Access to Connex Portal's Database and/or Modification of Content Risks Discovered
CVE-2024-6796

9.1CRITICAL

Key Information:

Vendor: Baxter
Status: Connex Health Portal
Vendor: CVE Published:; 9 September 2024

What is CVE-2024-6796?

An improper access control vulnerability has been identified in the Baxter Connex Health Portal, versions released before August 30, 2024. This security flaw could enable an unauthenticated attacker to access the Connex portal's database without authorization, potentially allowing unauthorized content modification. The implications of this vulnerability include risks to the security of sensitive health information and data integrity within the portal.

Affected Version(s)

Connex Health Portal 0 < 8/30/2024

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Jul 16, 2024