Back to search
CVE-2021-40375
Published: Apr 6, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This response can be read in an intercepting proxy or by viewing the page source. Sensitive information returned in responses includes patient PII and medication records or history.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://openeyes.apperta.org/
x_refsource_MISC
https://github.com/DCKento/CVE-2021-40375
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now