CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-6538

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.epiphanyhealthdata.com/blog/certresponse
https://www.kb.cert.org/vuls/id/630239
http://www.epiphanyhealthdata.com/blog/certresponse
https://www.kb.cert.org/vuls/id/630239

Products affected by CVE-2015-6538

Ephiphanyheathdata » Cardio Server » Version: 3.3

cpe:2.3:a:ephiphanyheathdata:cardio_server:3.3
Ephiphanyheathdata » Cardio Server » Version: 4.0

cpe:2.3:a:ephiphanyheathdata:cardio_server:4.0
Ephiphanyheathdata » Cardio Server » Version: 4.1

cpe:2.3:a:ephiphanyheathdata:cardio_server:4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-6538

Products

Pricing

Contact Us