Lucene search
MendCVELIST:CVE-2021-25920HistoryMar 22, 2021 - 7:29 p.m.
CVE-2021-25920
2021-03-2219:29:54
Mend
www.cve.org
0.002 Low
EPSS
Percentile
57.6%
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
CNA Affected
[
{
"product": "openemr",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.7.2-rc1, 2.7.2-rc2, 2.7.2, 2.7.3-rc1, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.9.0, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.0.3, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 6.0.0"
}
]
}
]Related
cve
cve
CVE-2021-25920
2021-03-22 20:15:17
prion
prion
Improper access control
2021-03-22 20:15:00
osv
osv
CVE-2021-25920
2021-03-22 20:15:17
nvd
nvd
CVE-2021-25920
2021-03-22 20:15:17
openvas
openvas
OpenEMR 2.7.2-rc1 < 6.0.0.1 Access Control Vulnerability
2021-03-29 00:00:00