Medical Informatics Engineering Enterprise Health includes session token in debug...

3.3 / 10

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.

Basic Information

ID CVE-2025-35031

Source cisa-cg

Published Sep 29, 2025 at 20:00

Affected Product

Vendor Medical Informatics Engineering

Product Enterprise Health

Version RC202503

Affected Versions Medical Informatics Engineering Enterprise Health RC202503
Medical Informatics Engineering Enterprise Health RC202409
Medical Informatics Engineering Enterprise Health RC202403

CWE Classification

CWE-1295

References

{
    "lastseen": "",
    "description": "Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.",
    "published": "2025-09-29T20:00:42.546Z",
    "modified": "2025-09-29T20:00:42.546Z",
    "type": "cve",
    "title": "Medical Informatics Engineering Enterprise Health includes session token in debug output",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35031",
    "id": "CVE-2025-35031",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1295"
    ],
    "cvelist": null,
    "sourceData": "Medical Informatics Engineering Enterprise Health RC202503\nMedical Informatics Engineering Enterprise Health RC202409\nMedical Informatics Engineering Enterprise Health RC202403",
    "sourceHref": "",
    "cvss": {
        "score": 3.3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Health",
    "version": "RC202503",
    "vendor": "Medical Informatics Engineering",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Medical Informatics Engineering Enterprise Health includes session token in debug output_CVE-2025-35031