Mend Vulnerability Database
Date: March 22, 2021
Overview
In OpenEMR, versions 2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which allows a malicious user to read and send sensitive messages on behalf of the victim user.

Details
The “OpenEMR” application does not enforce adequate checks when creating users. If two users have the same name, one in uppercase and one in lowercase, a malicious user can read and send sensitive messages on behalf of the victim user without the victim user being aware of it.

Prevention
Upgrade to version 126.96.36.199
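
An added example (not OpenEMR code and not part of the original advisory) of the kind of check the Details section says is missing: it audits an existing list of usernames for names that differ only by case and rejects such a name at creation time. The names `canonical`, `find_case_collisions` and `UserRegistry` and the sample usernames are assumptions constructed for illustration.

```python
import unicodedata
from collections import defaultdict


def canonical(username: str) -> str:
    """Return the key used for uniqueness: Unicode-normalized, case-folded, trimmed."""
    return unicodedata.normalize("NFKC", username).casefold().strip()


def find_case_collisions(usernames):
    """Audit: map each canonical key to the stored names sharing it (2+ only)."""
    groups = defaultdict(list)
    for name in usernames:
        groups[canonical(name)].append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}


class UserRegistry:
    """Hypothetical user store that refuses names differing only by case."""

    def __init__(self):
        self._by_key = {}  # canonical key -> name as first registered

    def create(self, username: str) -> str:
        key = canonical(username)
        if not key:
            raise ValueError("empty username")
        if key in self._by_key:
            raise ValueError(
                f"{username!r} collides with existing user {self._by_key[key]!r}"
            )
        self._by_key[key] = username
        return key


# Constructed sample data, not taken from any real installation.
SAMPLE_USERS = ["admin", "Admin", "nurse1", "drsmith", "DrSmith", "billing"]

if __name__ == "__main__":
    for key, names in find_case_collisions(SAMPLE_USERS).items():
        print(f"collision on {key!r}: {names}")
    registry = UserRegistry()
    registry.create("admin")
    try:
        registry.create("ADMIN")
    except ValueError as exc:
        print("rejected:", exc)
```

Running the audit function over an export of existing account names shows whether any colliding pairs were created before the upgrade.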
Good to know:
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|High|
|User Interaction (UI):|None|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Low|