CGM CLININET Missing Authentication Vulnerability Allowing Unrestricted Access to Internal Endpoints

Vulnerability

A vulnerability exists in CGM CLININET software, all versions prior to 2025.M2, allowing unauthenticated access to several endpoints that should be restricted to internal services. These endpoints, typically including '/int/' in their path, are publicly accessible to any host that can reach the application server on port 443/tcp.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal services, potentially allowing for further exploitation of the application or its users.

Added: Aug 27, 2025, 11:25 AM

Updated: Aug 27, 2025, 11:25 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CGM CLININET Missing Authentication Vulnerability Allowing Unrestricted Access to Internal Endpoints

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating