Computing For Good’s Basic Laboratory Information System version 3.5 Improper Privilege Management Vulnerability

Summary

Computing For Good’s Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, “Improper Access Control.” 

Credit:

The information has been provided by Aditi Shah.

The original article can be found at: https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed

 


Details

As a result of this improper access control, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator.

 

Vulnerable Systems:

Computing For Good’s Basic Laboratory Information System version 3.5

 

CVE Information:

CVE-2019-5644

 

Disclosure Timeline:
Published Date: 11/6/2019