CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5643

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.1220%
EPSS Percentile8.85th
PublishedNov 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation.

Affected Platforms (CPE)

📦
Gatech

Computing For Good\'s Basic Laboratory Information System

<= 3.5

References & Advisories

🔗 https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/
🔗 https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/

Related Vulnerabilities

CVE-2019-561710.0

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance...

CVE-2019-564410.0

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...