Vulnerability Details CVE-2019-5617
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.5%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References
- https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/
- https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/
Products affected by CVE-2019-5617
-
cpe:2.3:a:gatech:computing_for_good's_basic_laboratory_information_system:-
-
cpe:2.3:a:gatech:computing_for_good's_basic_laboratory_information_system:3.3
-
cpe:2.3:a:gatech:computing_for_good's_basic_laboratory_information_system:3.4