Vulnerability Details CVE-2021-43935
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.1%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2021-43935
-
cpe:2.3:a:baxter:welch_allyn_connex_cardio:1.0.0
-
cpe:2.3:a:baxter:welch_allyn_connex_cardio:1.1.1
-
cpe:2.3:a:baxter:welch_allyn_diagnostic_cardiology_suite:2.1.0
-
cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:5.01
-
cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:7.0.0
-
cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:6.1.0
-
cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:6.4.0
-
cpe:2.3:h:baxter:welch_allyn_hscribe_holter_analysis_system:-
-
cpe:2.3:h:baxter:welch_allyn_q-stress_cardiac_stress_testing_system:-
-
cpe:2.3:h:baxter:welch_allyn_xscribe_cardiac_stress_testing_system:-
-
cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:5.01
-
cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:6.4.0
-
cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:6.0.0
-
cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:6.3.1
-
cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:5.01
-
cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:6.3.1