Summaryinfo

A vulnerability has been found in HL7 C-CDA 1.1 and classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2014-3862. No exploit exists.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in HL7 C-CDA 1.1. This issue affects an unknown part. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The summary by CVE is:

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

The weakness was disclosed 09/02/2014 (Website). It is possible to read the advisory at motorcycleguy.blogspot.com. The identification of this vulnerability is CVE-2014-3862 since 05/25/2014. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-70789 and VDB-70786 are pretty similar. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• HL7

Name

• C-CDA

Version

• 1.1

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion