Search criteria
4 vulnerabilities found for Health4All by Agito Computer
CVE-2024-12918 (GCVE-0-2024-12918)
Vulnerability from cvelistv5 – Published: 2025-02-24 14:18 – Updated: 2025-02-24 16:56
VLAI?
Title
SQLi in Agito Computer's Health4All
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Agito Computer | Health4All |
Affected:
0 , < 10.01.2025
(custom)
|
Credits
Kaan ATMACA
Secure Future Inc.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T16:56:15.630186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T16:56:38.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Health4All",
"vendor": "Agito Computer",
"versions": [
{
"lessThan": "10.01.2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaan ATMACA"
},
{
"lang": "en",
"type": "sponsor",
"value": "Secure Future Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Agito Computer Health4All allows SQL Injection.\u003cp\u003eThis issue affects Health4All: before 10.01.2025.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T14:18:46.482Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0042"
}
],
"source": {
"advisory": "TR-25-0042",
"defect": [
"TR-25-0042"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Agito Computer\u0027s Health4All",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-12918",
"datePublished": "2025-02-24T14:18:17.909Z",
"dateReserved": "2024-12-24T14:33:02.633Z",
"dateUpdated": "2025-02-24T16:56:38.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12917 (GCVE-0-2024-12917)
Vulnerability from cvelistv5 – Published: 2025-02-24 14:14 – Updated: 2025-02-24 16:58
VLAI?
Title
Improper Access Control in Agito Computer's Health4All
Summary
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.
Severity ?
8.3 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Agito Computer | Health4All |
Affected:
0 , < 10.01.2025
(custom)
|
Credits
Kaan ATMACA
Secure Future Inc.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T16:58:00.233811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T16:58:24.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Health4All",
"vendor": "Agito Computer",
"versions": [
{
"lessThan": "10.01.2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaan ATMACA"
},
{
"lang": "en",
"type": "sponsor",
"value": "Secure Future Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.\u003cp\u003eThis issue affects Health4All: before 10.01.2025.\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
},
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T14:14:55.690Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0042"
}
],
"source": {
"advisory": "TR-25-0042",
"defect": [
"TR-25-0042"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Agito Computer\u0027s Health4All",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-12917",
"datePublished": "2025-02-24T14:14:55.690Z",
"dateReserved": "2024-12-24T14:32:27.505Z",
"dateUpdated": "2025-02-24T16:58:24.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12918 (GCVE-0-2024-12918)
Vulnerability from nvd – Published: 2025-02-24 14:18 – Updated: 2025-02-24 16:56
VLAI?
Title
SQLi in Agito Computer's Health4All
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Agito Computer | Health4All |
Affected:
0 , < 10.01.2025
(custom)
|
Credits
Kaan ATMACA
Secure Future Inc.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T16:56:15.630186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T16:56:38.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Health4All",
"vendor": "Agito Computer",
"versions": [
{
"lessThan": "10.01.2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaan ATMACA"
},
{
"lang": "en",
"type": "sponsor",
"value": "Secure Future Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Agito Computer Health4All allows SQL Injection.\u003cp\u003eThis issue affects Health4All: before 10.01.2025.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T14:18:46.482Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0042"
}
],
"source": {
"advisory": "TR-25-0042",
"defect": [
"TR-25-0042"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Agito Computer\u0027s Health4All",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-12918",
"datePublished": "2025-02-24T14:18:17.909Z",
"dateReserved": "2024-12-24T14:33:02.633Z",
"dateUpdated": "2025-02-24T16:56:38.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12917 (GCVE-0-2024-12917)
Vulnerability from nvd – Published: 2025-02-24 14:14 – Updated: 2025-02-24 16:58
VLAI?
Title
Improper Access Control in Agito Computer's Health4All
Summary
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.
Severity ?
8.3 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Agito Computer | Health4All |
Affected:
0 , < 10.01.2025
(custom)
|
Credits
Kaan ATMACA
Secure Future Inc.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T16:58:00.233811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T16:58:24.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Health4All",
"vendor": "Agito Computer",
"versions": [
{
"lessThan": "10.01.2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaan ATMACA"
},
{
"lang": "en",
"type": "sponsor",
"value": "Secure Future Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.\u003cp\u003eThis issue affects Health4All: before 10.01.2025.\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
},
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T14:14:55.690Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0042"
}
],
"source": {
"advisory": "TR-25-0042",
"defect": [
"TR-25-0042"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Agito Computer\u0027s Health4All",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-12917",
"datePublished": "2025-02-24T14:14:55.690Z",
"dateReserved": "2024-12-24T14:32:27.505Z",
"dateUpdated": "2025-02-24T16:58:24.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}