Medical Informatics Engineering Enterprise Health CSV Injection Vulnerability

Vulnerability

A CSV injection vulnerability has been identified in Medical Informatics Engineering Enterprise Health. This vulnerability allows remote, authenticated attackers to inject macros into CSV files that can be downloaded. The issue affects several versions and was fixed on March 14, 2025.

Impact

Exploitation of this vulnerability allows for CSV injection, where injected macros could be executed when the CSV file is opened in a program that supports such features, like Microsoft Excel.

Added: Sep 29, 2025, 8:17 PM

Updated: Sep 29, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Medical Informatics Engineering Enterprise Health CSV Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating