Search criteria
3 vulnerabilities found for clinical_task_tracker by sap
FKIE_CVE-2015-2814
Vulnerability from fkie_nvd - Published: 2015-04-01 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | clinical_task_tracker | * | |
| sap | emr_unwired | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:clinical_task_tracker:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0F6F8FF3-8898-4962-88B4-B2211B27384F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:emr_unwired:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DB7C29AB-1650-484B-9DCA-7A2BE1147B76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079."
},
{
"lang": "es",
"value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) y Clinical Task Tracker (com.sap.mobile.healthcare.ctt) no restringe correctamente el acceso, lo que permite a atacantes remotos cambiar las configuraciones backendurl, clientid, ssourl, y infopageurl a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como la nota de seguridad de SAP 2117079."
}
],
"id": "CVE-2015-2814",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-01T14:59:12.803",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/73701"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-2814 (GCVE-0-2015-2814)
Vulnerability from cvelistv5 – Published: 2015-04-01 14:00 – Updated: 2024-08-06 05:24
VLAI?
Summary
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"name": "73701",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"name": "73701",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"name": "73701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2814",
"datePublished": "2015-04-01T14:00:00",
"dateReserved": "2015-04-01T00:00:00",
"dateUpdated": "2024-08-06T05:24:38.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2814 (GCVE-0-2015-2814)
Vulnerability from nvd – Published: 2015-04-01 14:00 – Updated: 2024-08-06 05:24
VLAI?
Summary
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"name": "73701",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"name": "73701",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/"
},
{
"name": "73701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2814",
"datePublished": "2015-04-01T14:00:00",
"dateReserved": "2015-04-01T00:00:00",
"dateUpdated": "2024-08-06T05:24:38.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}