CGM CLININET Authorization Bypass Vulnerability Allowing Access to Other Users' Messages and Attachments

Vulnerability

A vulnerability exists in the CGM CLININET application due to the use of direct, sequential object identifiers (the 'MessageID' parameter) without adequate authorization checks. This flaw allows attackers to modify the 'MessageID' parameter in GET requests to access messages and attachments belonging to other users. The vulnerability affects all CGM CLININET versions prior to 2025.MS4.

Impact

Exploitation of this vulnerability allows for unauthorized access to messages and attachments of other users.
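
For log review on installations that have not yet been updated, the following added example (not vendor code and not part of the original advisory) flags accounts whose GET requests walk through sequential 'MessageID' values. The log layout, the path /messages/view and the user names are assumptions; only the 'MessageID' parameter comes from the advisory.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines: "<time> <user> <method> <url> <status>".
# Log layout, path and user names are assumptions made for this example.
SAMPLE_LOG = """\
2026-03-02T10:00:01 alice GET /messages/view?MessageID=5001 200
2026-03-02T10:00:09 alice GET /messages/view?MessageID=5007 200
2026-03-02T10:01:00 bob GET /messages/view?MessageID=4100 200
2026-03-02T10:01:01 bob GET /messages/view?MessageID=4101 200
2026-03-02T10:01:02 bob GET /messages/view?MessageID=4102 200
2026-03-02T10:01:03 bob GET /messages/view?messageid=4103 200
2026-03-02T10:01:04 bob GET /messages/view?MessageID=4104 403
2026-03-02T10:01:05 bob GET /messages/view?MessageID=4105 200
2026-03-02T10:02:00 carol POST /messages/send 200
2026-03-02T10:02:05 carol GET /messages/view?MessageID=abc 400
"""

def message_ids_by_user(log_text):
    """Map user -> set of numeric MessageID values requested via GET."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "GET":
            continue  # malformed line or not a GET request
        query = parse_qs(urlsplit(parts[3]).query)
        # Match the parameter name case-insensitively; ignore non-numeric values.
        for name, values in query.items():
            if name.lower() == "messageid":
                seen[parts[1]].update(int(v) for v in values if v.isdecimal())
    return seen

def longest_consecutive_run(ids):
    """Length of the longest run n, n+1, n+2, ... within a set of ints."""
    best = 0
    for i in ids:
        if i - 1 not in ids:  # i is the start of a run
            length = 1
            while i + length in ids:
                length += 1
            best = max(best, length)
    return best

def flag_enumeration(log_text, min_run=5):
    """Users whose requested MessageIDs contain a sequential run >= min_run.
    Requests are counted whatever the response status was."""
    runs = {u: longest_consecutive_run(ids)
            for u, ids in message_ids_by_user(log_text).items()}
    return {u: n for u, n in runs.items() if n >= min_run}
```

A flagged account is a lead for review, not proof of misuse: the threshold needs tuning against how identifiers are normally requested in the deployment.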

Added: Mar 2, 2026, 12:18 PM
Updated: Mar 2, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 3.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.