
CGM CLININET: Unrestricted Access via Username Only

CVE-2025-30035
Summary

CGM CLININET users are at risk of unauthorized access to their accounts if an attacker knows their username. An attacker who knows a username can potentially log in as that user without a password, gaining access to sensitive user data and system privileges. To protect your account, change your password immediately and ensure all users do so as well.

Original title
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any o...
Original description
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
NVD CVSS 4.0: 9.0
Vulnerability type
CWE-306 Missing Authentication for Critical Function
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026