Carestream Clinical Collaboration Platform Session Token Exposure Vulnerability Allowing Session Hijacking

Vulnerability

A vulnerability in Carestream Clinical Collaboration Platform version 12.2.1.5 allows remote attackers to obtain session tokens because the application transmits them in the URL's query string. A token placed in a URL is recorded wherever URLs are recorded: browser history and bookmarks, proxy and web server access logs, and the Referer header sent when the user follows a link from the page. Anyone who can read those records, or the traffic itself, can replay the token and impersonate the user (session hijacking). In addition, the application's logout function is ineffective: it does not invalidate the session on the server side, so a token remains usable even after the user has logged out.

Impact

Exposing session tokens in URLs can lead to session hijacking: an attacker who recovers a token from logs, history, or a Referer header can use it to act as the affected user. Because logout does not invalidate the token, the exposure window is not closed when the user logs out; a token recovered later can still be replayed until the session expires on its own.
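The check a practitioner would want first is whether tokens have already leaked into records they control. The following is an added example, not code from the original page or from Carestream: it scans combined-format access-log lines and flags entries whose request target or Referer carries a session token in the query string. The parameter names, the token heuristic, and the sample log lines are all assumptions constructed for the example; the advisory does not give the real parameter name.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Query-parameter names commonly used to carry a session identifier. This list is
# an assumption made for the example; the Carestream parameter name is not known.
TOKEN_PARAM_NAMES = {
    "session", "sessionid", "session_id", "sessiontoken", "session_token",
    "token", "authtoken", "auth_token", "sid", "jsessionid", "phpsessid",
}

# Heuristic for an opaque token value: 32+ characters of hex/base64/url-safe alphabet
# (values are already percent-decoded by parse_qsl, so '+' has become a space).
TOKEN_VALUE_RE = re.compile(r"^[A-Za-z0-9._~/=-]{32,}$")

# Apache/nginx "combined" access-log line: client, timestamp, request, status,
# size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def tokens_in_query(url: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs from the query string that look like session tokens."""
    query = urlsplit(url).query  # works for both absolute URLs and bare request targets
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in TOKEN_PARAM_NAMES or TOKEN_VALUE_RE.match(value):
            hits.append((name, value))
    return hits


def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Flag log entries whose request target or Referer carries a session token.

    A hit in the Referer field is the stronger finding: it means the token was
    already sent to whatever resource the user loaded next.
    """
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field, where in (("target", "request"), ("referer", "referer")):
            hits = tokens_in_query(m.group(field))
            if hits:
                findings.append({
                    "line": line_no,
                    "where": where,
                    "client": m.group("client"),
                    "params": [name for name, _ in hits],
                })
    return findings


# Constructed sample lines (not real Carestream traffic); the token value is made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jun/2025:19:46:01 +0000] "GET /ccp/viewer?study=123&sessionToken=9f3a1c77b2e04d5e8a6f0b1c2d3e4f55 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [09/Jun/2025:19:46:05 +0000] "GET /ccp/static/app.js HTTP/1.1" 200 4400 "https://ccp.example/ccp/viewer?study=123&sessionToken=9f3a1c77b2e04d5e8a6f0b1c2d3e4f55" "Mozilla/5.0"',
    '10.0.0.7 - - [09/Jun/2025:19:47:00 +0000] "POST /ccp/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.8 - - [09/Jun/2025:19:48:12 +0000] "GET /ccp/search?q=chest+xray&page=2 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']}: token in {f['where']} from {f['client']}: {f['params']}")
```

Run the scanner over real access logs from the web server and any reverse proxy in front of it; every hit is a token that should be treated as compromised and revoked, and, given the logout weakness described above, revocation has to be done on the server, not by asking the user to log out.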

Remediation

Session tokens should never be carried in a URL. The application should transmit them in an HTTP cookie flagged Secure, HttpOnly and SameSite (or, where a cookie cannot be used, in a hidden form field submitted with the POST method) and should reject a token that arrives in the query string. Logout must invalidate the session on the server side rather than only clearing the client's cookie, so that a token captured earlier cannot be replayed afterwards. Until a fixed version is deployed, operators can reduce the exposure by stripping the session parameter from proxy and web server access logs and by keeping session lifetimes short.
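To make the remediation concrete, here is an added example of the server-side pieces involved; it is illustrative code written for this page, not Carestream's implementation, and the cookie name CCP_SESSION, the session lifetime and the usernames are assumptions. It contrasts a logout that only clears the browser cookie (the defect described above) with one that revokes the session record, reads the token from the Cookie header only, and emits a Set-Cookie header with the attributes the text calls for.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie
from typing import Callable, Dict, Optional, Tuple

COOKIE_NAME = "CCP_SESSION"  # assumed cookie name for the example


class SessionStore:
    """Server-side session registry keyed by the SHA-256 of the token.

    A token is valid only while its record is present and unexpired. Storing the
    hash rather than the token means a leaked copy of the store yields nothing usable.
    """

    def __init__(self, ttl_seconds: int = 15 * 60,
                 now: Callable[[], float] = time.time) -> None:
        self._ttl = ttl_seconds
        self._now = now  # injectable clock so expiry can be tested deterministically
        self._records: Dict[str, Tuple[str, float]] = {}  # hash -> (user, expires_at)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._key(token)] = (username, self._now() + self._ttl)
        return token

    def user_for(self, token: Optional[str]) -> Optional[str]:
        """Resolve a token to its user, or None if unknown, revoked or expired."""
        if not token:
            return None
        record = self._records.get(self._key(token))
        if record is None:
            return None
        username, expires_at = record
        if self._now() >= expires_at:
            self._records.pop(self._key(token), None)
            return None
        return username

    def revoke(self, token: str) -> bool:
        """Delete the server-side record; returns False if the token was not live."""
        return self._records.pop(self._key(token), None) is not None


def session_cookie_header(token: str, max_age: int = 15 * 60) -> str:
    """Set-Cookie value: Secure keeps it off plain HTTP, HttpOnly keeps it from
    scripts, SameSite=Strict keeps it out of cross-site requests."""
    return (f"{COOKIE_NAME}={token}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def clear_cookie_header() -> str:
    return f"{COOKIE_NAME}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Strict"


def token_from_request(cookie_header: str, query_params: Dict[str, str]) -> Optional[str]:
    """Read the session token from the Cookie header only.

    query_params is deliberately ignored: a token arriving in the URL is never
    honoured, which removes the query-string exposure on the server side.
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def weak_logout(store: SessionStore, token: str) -> str:
    """The defective pattern: the browser is told to drop its cookie but the
    server keeps the session, so a captured token still works afterwards."""
    return clear_cookie_header()


def logout(store: SessionStore, token: str) -> str:
    """Correct logout: revoke on the server first, then clear the cookie."""
    store.revoke(token)
    return clear_cookie_header()


if __name__ == "__main__":
    store = SessionStore()
    tok = store.create("dr_smith")
    print(session_cookie_header(tok))
    weak_logout(store, tok)
    print("after weak logout, token resolves to:", store.user_for(tok))
    logout(store, tok)
    print("after proper logout, token resolves to:", store.user_for(tok))
```

The two logout functions return the same Set-Cookie header; the only difference is the server-side revoke call, and that call is what turns a captured token into a dead one. Expiry is enforced on lookup, so a token that leaked into a log stops working after the TTL even if the user never logs out.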

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          5.0
  exploitability  7.3
  remediation     0.0
  relevance       0.1
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.