NVD

Id
16515  
Name
CVE-2010-5308  
Description
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2015-08-04  
Modified Date
2015-08-05  
Seq
2010-5308  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
92504 16515 CVE-2010-5308 http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4  View
92505 16515 CVE-2010-5308 http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/  View
92506 16515 CVE-2010-5308 https://twitter.com/digitalbond/status/619250429751222277  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
8695 JVNDB-2015-004015 GE Healthcare Optima MR360 におけるアクセス権を取得される脆弱性 GE Healthcare Optima MR360 は、HIPAA の緊急ログインのプロシージャに対して認証を要求しないため、アクセス権を取得される脆弱性が存在します。 CVE-2010-5308 47888 CVE-2010-5308 16515 10 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004015.html 2015-07-10 2015-08-06 View