CGM CLININET Session ID Leak Vulnerability via NTFS Alternate Data Stream
Vulnerability
A vulnerability has been identified in CGM CLININET, all versions prior to 2025.MS1, involving the unintentional exposure of session IDs. This leak occurs when files are downloaded from CGM CLININET, as the session ID is stored in an NTFS alternate data stream (ADS) due to a Windows security feature that adds metadata to files downloaded from untrusted sources.
Impact
Exploitation of this vulnerability leads to the unintentional disclosure of session IDs, which could be used to hijack user sessions.
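For affected workstations, the following added example (not code from the vendor or from this advisory) audits the metadata stream Windows attaches to downloaded files, `Zone.Identifier`, and strips query strings that carry session-like parameters while keeping the zone marking. It assumes the session ID appears as a URL query parameter in the `HostUrl` or `ReferrerUrl` field. The parameter-name pattern, host name and sample values are constructed, since the advisory does not name them.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Assumed parameter-name pattern; the advisory does not name the parameter.
SESSION_PARAM = re.compile(r"(sess|sid|token|auth)", re.IGNORECASE)
URL_FIELDS = ("hosturl", "referrerurl")  # URL fields Windows writes to Zone.Identifier

def audit_zone_identifier(text):
    """Return (findings, sanitized_text) for one Zone.Identifier stream body."""
    findings, out = [], []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in URL_FIELDS:
            parts = urlsplit(value.strip())
            hits = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                    if SESSION_PARAM.search(k)]
            if hits:
                # Record only the field and parameter names, never the value.
                findings.append((key.strip(), hits))
                # Drop query and fragment; scheme, host and path stay.
                value = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
                line = f"{key}={value}"
        out.append(line)
    return findings, "\r\n".join(out) + "\r\n"

def audit_file(path):
    """On NTFS, read and rewrite the 'path:Zone.Identifier' stream in place."""
    stream = path + ":Zone.Identifier"
    with open(stream, "r", encoding="utf-8", errors="replace", newline="") as fh:
        findings, clean = audit_zone_identifier(fh.read())
    if findings:
        with open(stream, "w", encoding="utf-8", newline="") as fh:
            fh.write(clean)
    return findings

# Constructed sample stream; host, paths and parameter name are made up.
SAMPLE = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://clininet.example/app/view?sessionId=CONSTRUCTED-VALUE\r\n"
    "HostUrl=https://clininet.example/app/download?doc=42&sessionId=CONSTRUCTED-VALUE\r\n"
)

if __name__ == "__main__":
    found, cleaned = audit_zone_identifier(SAMPLE)
    print(found)
    print(cleaned)
```

The `ZoneId` line is left untouched, so Windows still treats the file as downloaded from the Internet zone after sanitizing.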
Added: Aug 27, 2025, 11:24 AM
Updated: Aug 27, 2025, 11:24 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
