CGM CLININET Smart Card Authentication Vulnerability Allowing Certificate Number-Based Access

Vulnerability

A vulnerability exists in the CGM CLININET system's smart card authentication process. Authentication is performed locally on the client device and relies solely on the certificate number for access verification. As a result, knowing the certificate number alone is sufficient to authenticate, whether or not the smart card is actually present or the user holds the corresponding private key. The vulnerability affects all versions of CGM CLININET prior to 2025.MS2.
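The difference between matching a certificate number and proving possession of the card's private key, shown as an added example (this is not CGM CLININET code). It assumes a server-side registry and uses Ed25519 as a stand-in for the card's key; `Registry`, `Card`, the function names and the number `CERT-0001` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registry is a hypothetical server-side store: certificate number -> public key.
type Registry map[string]ed25519.PublicKey

type Card struct{ key ed25519.PrivateKey } // stands in for the smart card
func (c Card) Sign(nonce []byte) []byte { return ed25519.Sign(c.key, nonce) }

// Enroll builds a constructed sample card from a random 32-byte seed.
func (r Registry) Enroll(certNumber string) Card {
	priv := ed25519.NewKeyFromSeed(NewChallenge())
	r[certNumber] = priv.Public().(ed25519.PublicKey)
	return Card{priv}
}

// WeakLogin mirrors the flaw: knowing the certificate number is enough.
func (r Registry) WeakLogin(certNumber string) bool {
	_, ok := r[certNumber]
	return ok
}

// NewChallenge returns a fresh server-generated nonce for one login attempt.
func NewChallenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// StrongLogin also requires the card's signature over the server's nonce.
func (r Registry) StrongLogin(certNumber string, nonce, sig []byte) bool {
	pub, ok := r[certNumber]
	return ok && ed25519.Verify(pub, nonce, sig)
}

func main() {
	reg := Registry{}
	card, nonce := reg.Enroll("CERT-0001"), NewChallenge() // constructed sample number
	fmt.Println("weak, number only:  ", reg.WeakLogin("CERT-0001"))
	fmt.Println("strong, number only:", reg.StrongLogin("CERT-0001", nonce, nil))
	fmt.Println("strong, card signs: ", reg.StrongLogin("CERT-0001", nonce, card.Sign(nonce)))
}
```

A production verifier would also validate the certificate chain and revocation status and accept each nonce only once.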

Impact

Exploitation of this vulnerability allows for unauthorized access to the system, bypassing smart card authentication and enabling access to user accounts based solely on the certificate number.

Added: Mar 2, 2026, 12:20 PM
Updated: Mar 2, 2026, 12:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.0
remediation: 0.0
relevance: 3.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.