Vulnerability Description
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osehra | Vista | - |
Related Weaknesses (CWE)
References
- http://www.darkreading.com/vulnerability/anatomy-of-an-electronic-health-record-
- http://www.osehra.org/blog/m2m-broker-security-patchPatch
- http://www.osehra.org/blog/vista-patch-available-osehra
- http://www.darkreading.com/vulnerability/anatomy-of-an-electronic-health-record-
- http://www.osehra.org/blog/m2m-broker-security-patchPatch
- http://www.osehra.org/blog/vista-patch-available-osehra
FAQ
What is CVE-2013-6945?
CVE-2013-6945 is a vulnerability with a CVSS score of 7.5 (HIGH). The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records ...
How severe is CVE-2013-6945?
CVE-2013-6945 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6945?
Check the references section above for vendor advisories and patch information. Affected products include: Osehra Vista.