CVE-2025-54156
18.08.2025, 22:15
The Sante PACS Server Web Portal sends credential information without encryption.Enginsight
| Vendor | Product | Version |
|---|---|---|
| santesoft | sante_pacs_server | 𝑥 < 4.2.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.