The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote malicious users to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ephiphanyheathdata cardio server 4.1 |
||
ephiphanyheathdata cardio server 4.0 |
||
ephiphanyheathdata cardio server 3.3 |