Browse all 3 CVE security advisories affecting gematik. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gematik, the German healthcare IT company, manages the infrastructure for electronic health insurance cards and telematics infrastructure. Historically, vulnerabilities have included cross-site scripting (XSS) and remote code execution (RCE) flaws in web applications, along with privilege escalation issues in administrative interfaces. The organization has faced security incidents, including a 2020 data breach affecting over 11 million patients due to an XSS vulnerability in its self-service portal. Gematik's systems handle sensitive health data, making security critical. The three CVEs on record highlight ongoing challenges in securing complex healthcare IT environments against web-based attacks and improper access controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-46984 | XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator — app-referencevalidatorCWE-611 | 8.6 | High | 2024-09-19 |
This page lists every published CVE security advisory associated with gematik. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.