CVE-2024-2317 LOW

CVE-2024-2317: Bdtask Hospital AutoManager Prescription Page improper authorization

Vendor Bdtask

Product Hospital AutoManager

Weakness CWE-285

Published March 8, 2024

Last update August 12, 2024

View on NVD All CVEs

CVSS base score

3.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

March 8, 2024 CVE published

August 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2317 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2026-35479 InvenTree Plugin Installation - Insufficient Permissions CVE-2025-48371 OpenFGA Authorization Bypass CVE-2022-31167 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference CVE-2021-28506 An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. CVE-2019-1859 Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability