Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated network access with no interaction (AV:N/AC:L/PR:N/UI:N); confidentiality set to Low (C:L) because only API documentation, not sensitive data, is exposed, with no integrity or availability impact.
Primary rating from Vendor (twcert).
CVSS VectorVendor: twcert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.
AnalysisAI
Information disclosure in Advantech Hospital Queuing Management allows unauthenticated remote attackers to retrieve internal API documentation by requesting a specific URL, exposing the application's API surface, endpoints, and parameters. The flaw carries a high CVSS 4.0 base score of 8.7 driven entirely by confidentiality impact, but there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only network reachability to the Hospital Queuing Management web application and knowledge of the specific URL that serves the API documentation; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, no user interaction, and no special privileges are needed against an exposed instance. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N, score 8.7) indicates a network-reachable, low-complexity, unauthenticated, no-interaction attack with high confidentiality impact and no integrity or availability impact - internally consistent with an unauthenticated information-disclosure bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the Hospital Queuing Management web service over the network sends a single unauthenticated HTTP request to the known documentation URL and receives the full API documentation. They then use the disclosed endpoints and parameters to map the attack surface and craft follow-on attacks against the application. … |
| Remediation | Consult the TWCERT advisories (https://www.twcert.org.tw/en/cp-139-11012-63761-2.html and https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html) and apply the vendor-provided fixed version from Advantech once obtained - no exact fixed version is stated in the available data, so confirm the patched build directly with Advantech (No vendor-released patch version independently confirmed at time of analysis). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Advantech Hospital Queuing Management deployments and determine internet accessibility and patient-dependency criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40286
GHSA-h3wp-wq8p-j642