CVE-2022-38765

MEDIUM

Canon Medical Informatics Vitrea Vision <7.7.76.1 - Privilege Escal...

Title source: llm
STIX 2.1

Description

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0032
EPSS Percentile 54.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
canon/vitrea_view < 7.8
Published Dec 09, 2022
Tracked Since Feb 18, 2026