Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in Asseco Infomedica Plus
Vulnerability Description
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control. Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
CVSS Information
N/A
Vulnerability Type
CWE-1220
Vulnerability Title
Asseco InfoMedica 安全漏洞
Vulnerability Description
Asseco InfoMedica是波兰Asseco公司的一款综合性医疗信息管理系统。 Asseco InfoMedica 4.50.1版本和5.38.0版本之前版本存在安全漏洞,该漏洞源于访问控制粒度不足,可能导致获取其他账户编码密码。
CVSS Information
N/A
Vulnerability Type
N/A