CVE-2017-16776

Published: Dec 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://technical.nttsecurity.com/post/102emjm/conserus-workflow-intelligence-authentication-bypass-vulnerability

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-16776

Description

Affected Products

References