CVE-2024-50589

CVE-2024-50589: Unprotected FHIR API

Vendor Hasomed
Product Elefant
Weakness CWE-306 · Missing auth
Published November 8, 2024
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).

Key dates

02Disclosure timeline

November 8, 2024 CVE published
November 3, 2025 Record updated