CGM CliniNET Missing Authentication Vulnerability Allowing Unauthenticated Session ID Access
Vulnerability
A vulnerability in CGM CliniNET software prior to version 2024.MS4 allows unauthenticated users to download files containing session ID information by requesting the '/cgi-bin/CliniNET.prd/utils/userlogxls.pl' endpoint directly, without any authentication check. The exposed session IDs can be used to hijack user sessions, including those of administrators.
Impact
Exploitation of this vulnerability leads to unauthorized access to user session IDs, which can be used to hijack those sessions. This includes sessions of users with administrative privileges.
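A defender's first question for this advisory is whether the export endpoint was ever reached before patching to 2024.MS4. The script below is an added example, not part of the advisory or CGM's software: it scans web server access logs for hits on the endpoint named above and grades each hit. It assumes a combined log format with the Cookie header appended as a final quoted field, and assumes the CliniNET session cookie is called SESSIONID; both are assumptions to adjust for the actual deployment.

```python
import re
from typing import NamedTuple, Optional
# Endpoint named in the advisory; the user log export that leaks session IDs.
VULN_PATH = "/cgi-bin/CliniNET.prd/utils/userlogxls.pl"
# Combined log format plus a trailing quoted Cookie header field (assumed LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"(?: "(?P<cookie>[^"]*)")?$'
)

class Finding(NamedTuple):
    ip: str
    ts: str
    status: int
    authenticated: bool
    severity: str

def analyze_line(line: str, session_cookie: str = "SESSIONID") -> Optional[Finding]:
    """Return a Finding if the request targets the vulnerable endpoint, else None.
    The session cookie name is an assumption; set it to the deployment's value."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line; ignore rather than abort the whole scan
    if m.group("path").split("?", 1)[0] != VULN_PATH:
        return None
    status = int(m.group("status"))
    authenticated = f"{session_cookie}=" in (m.group("cookie") or "")
    if status == 200 and not authenticated:
        severity = "high"    # anonymous download succeeded: unpatched and likely abused
    elif status == 200:
        severity = "medium"  # authenticated export still hands out other users' session IDs
    else:
        severity = "low"     # probe that returned no content (e.g. patched or blocked)
    return Finding(m.group("ip"), m.group("ts"), status, authenticated, severity)

def scan(lines):
    return [f for f in map(analyze_line, lines) if f is not None]

# Constructed sample lines (not real traffic); the last field is the Cookie header.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2025:11:23:01 +0000] "GET /cgi-bin/CliniNET.prd/utils/userlogxls.pl HTTP/1.1" 200 48213 "-" "curl/8.4.0" "-"',
    '10.0.0.5 - - [27/Aug/2025:11:24:10 +0000] "GET /cgi-bin/CliniNET.prd/utils/userlogxls.pl?x=1 HTTP/1.1" 200 48213 "-" "Mozilla/5.0" "SESSIONID=abc123"',
    '10.0.0.9 - - [27/Aug/2025:11:25:00 +0000] "GET /cgi-bin/CliniNET.prd/login.pl HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-"',
    '198.51.100.2 - - [27/Aug/2025:11:26:00 +0000] "GET /cgi-bin/CliniNET.prd/utils/userlogxls.pl HTTP/1.1" 403 0 "-" "python-requests/2.31" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any "high" finding on a host that was below 2024.MS4 at that time should be treated as a likely session compromise: invalidate all active sessions after patching, not only the ones visible in the export.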
Added: Aug 27, 2025, 11:23 AM
Updated: Aug 27, 2025, 11:23 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
