CVE-2021-32101

Опубликовано: 07 мая 2021

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient.

Ссылки

https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Third Party Advisory
https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431
Vendor Advisory
https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
Third Party Advisory
https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal
Third Party Advisory
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Third Party Advisory
https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431
Vendor Advisory
https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
Third Party Advisory
https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open-emr:openemr:5.0.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00217

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-r449-xcxv-p6m2

github

больше 3 лет назад

BDU:2021-03268