CGM CLININET Authentication Bypass Vulnerability Allowing Session Takeover
Vulnerability
An authentication bypass vulnerability has been identified in CGM CLININET, all versions prior to 2025.MS4. This vulnerability allows an attacker to gain access to any active user account by simply providing the username, without needing a password or any other credentials. Once a session ID is obtained, it can be used for session takeover, granting access to the system with the privileges of the targeted user.
Impact
Exploitation of this vulnerability allows for unauthorized access to user accounts, with full privileges of the targeted user, enabling session takeover.
Added: Mar 2, 2026, 12:21 PM
Updated: Mar 2, 2026, 12:21 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.0
remediation: 0.0
relevance: 3.4
threat: 0.0
urgency: 2.9
incentive: 4.2
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
