CVE-2024-6795

Vulnerability in Baxter Connex Health Portal

Description

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database.

Remediation

Solution:

Baxter is unaware of any exploitation of this vulnerability and/or the compromise of personal or health data. Baxter patched all impacted systems promptly to address this vulnerability. No user action is required.

References

Link	Tags
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2024-6795?: CVE-2024-6795 has been scored as a critical severity vulnerability.
How to fix CVE-2024-6795?: To fix CVE-2024-6795: Baxter is unaware of any exploitation of this vulnerability and/or the compromise of personal or health data. Baxter patched all impacted systems promptly to address this vulnerability. No user action is required.
Is CVE-2024-6795 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-6795 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-6795?: CVE-2024-6795 affects Baxter Connex Health Portal.

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions