Vulnerability Description
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
CVSS Score
4.0
MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openmrs | Openmrs | 2.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.hExploit
- http://www.securityfocus.com/bid/70664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97693
- http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.hExploit
- http://www.securityfocus.com/bid/70664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97693
FAQ
What is CVE-2014-8072?
CVE-2014-8072 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
How severe is CVE-2014-8072?
CVE-2014-8072 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8072?
Check the references section above for vendor advisories and patch information. Affected products include: Openmrs Openmrs.