CVE-2024-6795 Information

Description

In Connex health portal released before8/30/2024 SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal’s database. 

An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content

and/or perform administrative operations including shutting down the database.

Reference

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01