CVE-2024-51132

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 6, 2024
CWE ID 611

Summary

CVE-2024-51132 is a newly disclosed XML External Entity (XXE) vulnerability affecting HAPI FHIR versions prior to 6.4.0. This issue enables attackers to access confidential data or execute unintended code by sending crafted XML requests with malicious entities. XXE vulnerabilities occur when an application fails to properly validate and sanitize XML inputs, potentially leading to serious security risks. In the context of HAPI FHIR, this vulnerability could allow unauthorized access to sensitive health information or execution of arbitrary code, posing significant risks to both data privacy and system integrity.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share