CVE-2020-14494

CRITICAL

OpenClinic GA 5.09.02 and 5.89.05b - Improper Authentication

Description

OpenClinic GA versions 5.09.02 and 5.89.05b use an authentication mechanism that does not provide sufficient complexity to protect against brute-force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01

Scores

CVSS v3 9.8
EPSS 0.0131
EPSS Percentile 66.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287, CWE-307
Status published
Products (2)
openclinic_ga_project/openclinic_ga 5.09.02
openclinic_ga_project/openclinic_ga 5.89.05b
Published Jul 20, 2020
Tracked Since Feb 18, 2026