CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5617

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile2.70th
PublishedNov 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user.

Affected Platforms (CPE)

📦
Gatech

Computing For Good\'s Basic Laboratory Information System

<= 3.4

References & Advisories

🔗 https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/
🔗 https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/

Related Vulnerabilities

CVE-2019-564410.0

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance...

CVE-2019-56435.3

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...