Agilonhealth (MphRx) Minerva 3.6.0
Approved changes feed: RSS · Atom
cpe:2.3:a:agilonhealth:minerva:3.6.0:*:*:*:*:*:*:*
part: a version: 3.6.0 update: *
| Vendor | Agilonhealth (c8c0e93f-ab2b-50ff-89f2-d4ba330a13e5) |
|---|---|
| Product | Minerva (56b39dd0-b10e-5920-9e65-7f5efe9a7515) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-5781 |
vulnerable | 2026-06-08 08:07:04.084924 |
Multiple vulnerabilities in MphRx's Minerva
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.
Published: 2026-04-28T11:44:26.342Z
Updated: 2026-04-28T13:40:55.237Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5780 |
vulnerable | 2026-06-08 08:07:04.084305 |
Multiple vulnerabilities in MphRx's Minerva
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authenticated user can access the data of other registered users simply by modifying the ID. This allows an attacker to obtain a list of users.
Published: 2026-04-28T11:43:08.482Z
Updated: 2026-04-28T13:41:20.182Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5779 |
vulnerable | 2026-06-08 08:07:04.083869 |
Multiple vulnerabilities in MphRx's Minerva
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.
Published: 2026-04-28T11:41:35.416Z
Updated: 2026-04-28T13:45:36.183Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.