The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCgm Clininet
APPCgm< 2025.ms3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-30042CRITICAL9.0PL ✓ten sam produkt
CGM CLININET: Obejście uwierzytelnienia kartą chipową poprzez sam numer certyfikatu
CVE-2025-58402HIGH7.1ten sam produkt
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorizati...
CVE-2025-58405MEDIUM5.3ten sam produkt
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP...