{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-50589", "ASSIGNER": "security-research@sec-consult.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An unauthenticated attacker with access to the local network of the \nmedical office can query an unprotected Fast Healthcare Interoperability\n Resources (FHIR) API to get access to sensitive electronic health \nrecords (EHR)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function", "cweId": "CWE-306" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "HASOMED", "product": { "product_data": [ { "product_name": "Elefant", "version": { "version_data": [ { "version_affected": "=", "version_value": "<24.04.00" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://r.sec-consult.com/hasomed", "refsource": "MISC", "name": "https://r.sec-consult.com/hasomed" }, { "url": "https://hasomed.de/produkte/elefant/", "refsource": "MISC", "name": "https://hasomed.de/produkte/elefant/" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.

" } ], "value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor." } ], "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

The vendor fixed the issue in version 24.04.00 (or higher) which can be downloaded from hasomed.de/produkte/elefant/ or via the Elefant Software Updater.

" } ], "value": "The vendor fixed the issue in version 24.04.00\u00a0(or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater." } ], "credits": [ { "lang": "en", "value": "Tobias Niemann, SEC Consult Vulnerability Lab" }, { "lang": "en", "value": "Daniel Hirschberger, SEC Consult Vulnerability Lab" }, { "lang": "en", "value": "Florian Stuhlmann, SEC Consult Vulnerability Lab" } ] }