Primary

Context

Vertikal Systems Hospital Manager Backend Services ASP.NET Error Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Vertikal Systems Hospital Manager Backend Services, prior to September 19, 2025, where the application returned detailed ASP.NET error pages for invalid WebResource.axd requests. This error messaging disclosed sensitive information, including framework and ASP.NET version details, stack traces, internal file paths, and the insecure 'customErrors mode="Off"' configuration. Such information could have aided reconnaissance efforts by unauthenticated attackers.

Impact

Exploitation of this vulnerability could allow an unauthenticated attacker to gather sensitive information about the server and the application, potentially facilitating further attacks.

Remediation

Vertikal Systems has addressed this vulnerability. For more information, users should contact Vertikal Systems support.

Added: Oct 29, 2025, 10:17 PM

Updated: Oct 29, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vertikal Systems Hospital Manager Backend Services ASP.NET Error Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating