CVE-2024-50589

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 8, 2024

CWE ID 306

Summary

CVE-2024-50589 is a newly identified cybersecurity vulnerability that affects medical offices with unprotected Fast Healthcare Interoperability Resources (FHIR) APIs. An unauthenticated attacker, who has local network access, can exploit this vulnerability to gain unauthorized access to sensitive electronic health records (EHR) through FHIR API queries. This issue poses a significant risk to patient privacy, making it crucial for medical offices to secure their FHIR APIs with proper authentication mechanisms. Unpatched systems are at heightened risk, making prompt mitigation a priority.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Elefant

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/z1zqx_
https://www.cve.org/CVERecord?id=CVE-2024-50589
https://nvd.nist.gov/vuln/detail/CVE-2024-50589

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners

CVE-2024-50589

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations