CVE-2024-50589

EUVD-2024-44966
An unauthenticated attacker with access to the local network of the 
medical office can query an unprotected Fast Healthcare Interoperability
 Resources (FHIR) API to get access to sensitive electronic health 
records (EHR).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Common Weakness Enumeration
References
https://hasomed.de/produkte/elefant/
https://r.sec-consult.com/hasomed
http://seclists.org/fulldisclosure/2024/Nov/3