CVE-2021-43935 HIGH

CVE-2021-43935: ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products

Vendor: Hillrom
Product: Welch Allyn Q-Stress Cardiac Stress Testing System
Weakness: CWE-288
Published: December 15, 2021
Last update: September 16, 2024

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any Active Directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

Key dates

02 Disclosure timeline

December 15, 2021: CVE published
September 16, 2024: Record updated