exploitDog

CVE-2021-40352

Опубликовано: 01 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.

Ссылки

http://packetstormsecurity.com/files/164011/OpenEMR-6.0.0-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/allenenosh/CVE-2021-40352
Exploit
Third Party Advisory
https://www.open-emr.org/wiki/index.php/Securing_OpenEMR
Product
Vendor Advisory
http://packetstormsecurity.com/files/164011/OpenEMR-6.0.0-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/allenenosh/CVE-2021-40352
Exploit
Third Party Advisory
https://www.open-emr.org/wiki/index.php/Securing_OpenEMR
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open-emr:openemr:6.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04642

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-vrxh-2fg8-68v6

CVSS3: 6.5

github

больше 3 лет назад

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.

EPSS

Процентиль: 89%

0.04642

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639