This vulnerability in the e-Sushrut HMIS product from CDAC-Noida involves the use of reversible Base64 encoding to protect sensitive data. Because Base64 encoding is not a secure form of encryption, an authenticated attacker can decode and alter these encoded parameters in the request URL, leading to authorization bypass and unauthorized access to sensitive system information. The CVSS 4.0 score is 7.1, indicating high severity, with network attack vector, low attack complexity, no user interaction, and high impact on confidentiality. No official remediation or patch is currently documented, and the product is not a cloud service.

An attacker with authenticated access can bypass authorization controls by manipulating Base64-encoded parameters, potentially exposing sensitive information within the hospital management system. This compromises confidentiality but does not affect integrity or availability according to the CVSS vector. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider restricting authenticated user privileges and monitoring for suspicious parameter manipulation. Avoid relying on Base64 encoding for protecting sensitive data.