Description
Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability permits an attacker to view meeting minutes and transcripts that were intended to be restricted. This results in the disclosure of potentially sensitive internal communications, compromising confidentiality and possibly violating regulatory requirements. The weakness is a broken access control flaw, classified as CWE-602 (Client-Side Enforcement of Server-Side Security).

Affected Systems

Johnson & Johnson Audit Tracking Management System, prior to the 2026‑04‑21 release. No specific version numbers are identified; the vulnerability exists in all releases before that date.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. Exploitability was not investigated enough to assign an EPSS score, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need access to the web interface and could exploit the broken access controls; no prerequisites beyond authentication are mentioned, so the risk depends on the access privileges available to the attacker.

Generated by OpenCVE AI on June 26, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update to the ATMS that addresses the access control flaw.
  • Enforce strict role‑based access controls so that only authorized personnel can view meeting minutes and transcripts.
  • Regularly audit and monitor access logs for suspicious activity related to the document pages.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Unauthorized Disclosure of Meeting Minutes and Transcripts in ATMS |

Fri, 26 Jun 2026 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Fri, 26 Jun 2026 11:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. |
| Weaknesses | | CWE-602 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-26T12:04:34.631Z

Reserved: 2026-06-26T10:06:46.011Z

Link: CVE-2026-57913

Vulnrichment

Updated: 2026-06-26T12:04:30.991Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T13:00:14Z

Weaknesses
  • CWE-602: Client-Side Enforcement of Server-Side Security