CVE-2024-50589

EUVD-2024-44966
An unauthenticated attacker with access to the local network of the 
medical office can query an unprotected Fast Healthcare Interoperability
 Resources (FHIR) API to get access to sensitive electronic health 
records (EHR).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
hasomedelefant
𝑥
< 24.04.00
ADP
Common Weakness Enumeration
References
https://hasomed.de/produkte/elefant/
https://r.sec-consult.com/hasomed
http://seclists.org/fulldisclosure/2024/Nov/3