{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:31:41.193","vulnerabilities":[{"cve":{"id":"CVE-2021-44160","sourceIdentifier":"twcert@cert.org.tw","published":"2021-12-29T08:15:06.703","lastModified":"2024-11-21T06:30:28.230","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user."},{"lang":"es","value":"La página de inicio de sesión de Carinal Tien Hospital Health Report System presenta una autenticación inapropiada, un atacante remoto puede adquirir el privilegio de otro usuario general al modificar el parámetro de la cookie sin autenticación. El atacante puede entonces llevar a cabo operaciones limitadas en el sistema o modificar los datos, haciendo que el servicio esté parcialmente no disponible para el usuario"}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cth:carinal_tien_hospital_health_report_system:-:*:*:*:*:*:*:*","matchCriteriaId":"89569AAC-76FE-4E90-BAD6-CFB7520741D3"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}