Good’s Basic Laboratory Information System version 3.5 Improper Authentication Vulnerability

Summary

Computing For Good’s Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from “Improper Access Control.” 

Credit:

The information has been provided by Aditi Shah 

The original article can be found at:https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/


Details

As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation.

 

Vulnerable Systems:

Good’s Basic Laboratory Information System version 3.5

 

CVE Information:

CVE-2019-5643

 

Disclosure Timeline:
Published Date:11/6/2019