ID CVE-2018-19276
Summary OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
References
Vulnerable Configurations
  • cpe:2.3:a:openmrs:openmrs:2.1:*:*:*:standalone:*:*:*
    cpe:2.3:a:openmrs:openmrs:2.1:*:*:*:standalone:*:*:*
CVSS
Base: 10.0 (as of 09-10-2019 - 23:37)
Impact:
Exploitability:
CWE CWE-502
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
exploit-db 46327
misc http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html
vulnerable_product via4 cpe:2.3:a:openmrs:openmrs:2.1:*:*:*:standalone:*:*:*
Last major update 09-10-2019 - 23:37
Published 21-03-2019 - 16:00
Back to Top