MidnightBSD

Advisories for ephiphanyheathdata

CVE-2015-6538 HIGH

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ephiphanyheathdata cardio_server 3.3
ephiphanyheathdata cardio_server 4.1
ephiphanyheathdata cardio_server 4.0