Description
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
High
Availability (Subsequent System)
None
Affected products
- CGM / CGM CLININET0 – 2025.MS2