CVE-2024-35659: Missing Authorization in Design Kivicare

Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 38.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 8

Description

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiviCare: from n/a through <= 3.6.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: iqonic_design/kivicare 3.6.6
NVD: iqonic/kivicare 3.6.4

Vulnerability Details (2)

CVEList: WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability (2024-06-08)
GHSA: GHSA-4jx9-685f-c6rh: Authorization Bypass Through User-Controlled Key vulnerability in KiviCare (2024-06-08)
CVE-2024-35659 — Missing Authorization | cvebase