Description
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
References
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
- cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:* (version from 1.12.0 inclusive to 1.12.1 exclusive)
- cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:* (version from 2.0.0 inclusive to 2.0.8 exclusive)
- cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:* (version from 2.1.0 inclusive to 2.1.4 exclusive)
EPSS
Percentile: 100%
0.93328
Critical
CVSS3: 10 Critical
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.