CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5644

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile2.47th
PublishedNov 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator.

Affected Platforms (CPE)

📦
Gatech

Computing For Good\'s Basic Laboratory Information System

<= 3.5

References & Advisories

🔗 https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/
🔗 https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/

Related Vulnerabilities

CVE-2019-561710.0

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance...

CVE-2019-56435.3

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...