Asseco mMedica Authentication Bypass Vulnerability Allowing Unauthenticated Database Access

Vulnerability

A vulnerability exists in Asseco mMedica versions prior to 11.9.5 that allows unauthenticated users to connect to publicly accessible databases using arbitrary credentials. The bypass relies on a connection previously authenticated through the 'mmBackup' application, which sidesteps the authentication mechanisms and grants unauthorized access to sensitive data within the database.

Impact

Exploitation of this vulnerability could lead to unauthorized access to databases containing sensitive information, potentially allowing for data manipulation or extraction.

Added: Oct 28, 2025, 12:18 PM
Updated: Oct 28, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.