Skip to main content

Audit Tracking Management System

1 CVEs product

Monthly

CVE-2026-57913 HIGH PATCH This Week

Unauthorized information disclosure in Johnson & Johnson's Audit Tracking Management System (ATMS) allowed remote attackers to view sensitive audit meeting minutes and transcripts without authentication in instances deployed before 2026-04-21. The flaw stems from client-side enforcement of access controls (CWE-602), meaning the server failed to verify authorization before returning confidential audit records. A public security research write-up by Eaton Works documents the issue, though no weaponized exploit or active exploitation (KEV) has been confirmed, and no public exploit code was identified at time of analysis.

Information Disclosure Audit Tracking Management System
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthorized information disclosure in Johnson & Johnson's Audit Tracking Management System (ATMS) allowed remote attackers to view sensitive audit meeting minutes and transcripts without authentication in instances deployed before 2026-04-21. The flaw stems from client-side enforcement of access controls (CWE-602), meaning the server failed to verify authorization before returning confidential audit records. A public security research write-up by Eaton Works documents the issue, though no weaponized exploit or active exploitation (KEV) has been confirmed, and no public exploit code was identified at time of analysis.

Information Disclosure Audit Tracking Management System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy