First published: Thu Dec 08 2022(Updated: )
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canon Vitrea View | <7.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38765 is a vulnerability in Canon Medical Informatics Vitrea Vision 7.7.76.1 that allows an authenticated user to gain unauthorized access to imaging records.
The severity of CVE-2022-38765 is medium with a CVSS score of 6.5.
CVE-2022-38765 allows an authenticated user to tamper with the vitrea-view/studies/search patientId parameter to gain unauthorized access to imaging records.
Canon Medical Informatics Vitrea Vision versions up to and excluding 7.8 are affected by CVE-2022-38765.
To fix CVE-2022-38765, it is recommended to apply the necessary security updates provided by Canon Medical Informatics.