Hospital Queuing Management
Monthly
Information disclosure in Advantech Hospital Queuing Management allows unauthenticated remote attackers to retrieve internal API documentation by requesting a specific URL, exposing the application's API surface, endpoints, and parameters. The flaw carries a high CVSS 4.0 base score of 8.7 driven entirely by confidentiality impact, but there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The leaked documentation primarily serves as reconnaissance that lowers the barrier to attacking other endpoints of this healthcare queuing platform.
Information disclosure in Advantech Hospital Queuing Management allows unauthenticated remote attackers to retrieve internal API documentation by requesting a specific URL, exposing the application's API surface, endpoints, and parameters. The flaw carries a high CVSS 4.0 base score of 8.7 driven entirely by confidentiality impact, but there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The leaked documentation primarily serves as reconnaissance that lowers the barrier to attacking other endpoints of this healthcare queuing platform.