A high-severity vulnerability has been discovered in multiple 'was' products, specifically impacting RemoteClinic version 2 and earlier. This flaw could be exploited by an attacker to gain unauthorized access to the application's underlying database, potentially resulting in the theft or modification of sensitive patient information. Organizations are urged to apply the vendor-provided security updates immediately to mitigate the significant risk of a data breach.

This vulnerability is a SQL Injection flaw within the data retrieval components of the affected software. A remote, authenticated attacker can send a specially crafted request to a vulnerable API endpoint to execute arbitrary SQL commands on the backend database. Successful exploitation allows the attacker to bypass security controls to read, modify, or delete sensitive data stored in the database, including Protected Health Information (PHI).

This vulnerability presents a high-risk threat to the organization, reflected by its CVSS score of 7.3. Exploitation could lead to a significant data breach, compromising sensitive patient or customer data, which may trigger severe regulatory fines (e.g., under HIPAA or GDPR), reputational damage, and a loss of client trust. The ability for an attacker to alter or delete records could also disrupt critical business operations, compromise data integrity, and negatively impact patient care or service delivery.

Immediate Action: Apply the security updates provided by the vendor across all affected systems without delay. Following the deployment of patches, closely monitor system and application logs for any signs of compromise or unusual activity that may have occurred prior to remediation.

Proactive Monitoring: Security teams should monitor for anomalous database queries, especially those containing SQL keywords like UNION, SELECT, or sleep/wait commands originating from the application server. Review Web Application Firewall (WAF) and network traffic logs for suspicious requests targeting the application's API endpoints. Establish baselines for normal user and application behavior to more effectively detect deviations that could indicate an attack.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with strict rulesets designed to detect and block SQL injection attempts. Additionally, restrict network access to the vulnerable application to only trusted IP ranges and ensure the application's database service account is configured with the principle of least privilege to limit the impact of a potential breach.

Public Exploit Available: false

Given the high severity rating (CVSS 7.3) and the direct risk to sensitive data, organizations must prioritize the immediate deployment of the vendor-supplied patches as an emergency change. While this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for significant impact makes it a prime target for future attacks. Proactive patching is the most critical and effective defense to prevent exploitation and protect the organization from a potential data breach and operational disruption.