| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-4592 | 6.5 |
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
|
14-03-2019 - 01:02 | 10-01-2017 - 15:59 | |
| CVE-2015-4593 | 6.8 |
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the c
|
14-03-2019 - 00:57 | 10-01-2017 - 15:59 | |
| CVE-2015-4594 | 7.5 |
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
|
13-03-2019 - 18:59 | 10-01-2017 - 15:59 | |
| CVE-2015-4591 | 4.3 |
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
|
13-03-2019 - 16:00 | 10-01-2017 - 15:59 |