Session fixation

eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...

CVE-2015-4594

eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

CVE-2015-4593

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

Cross site request forgery (csrf)

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

CVE-2015-4593

CVE-2015-4593 refers to a cross-site request forgery vulnerability in the EClinicalWorks Population Health (CCMR) Client Portal, specifically in portalUserService.jsp. The issue could allow remote attackers to hijack content administrator authentication and perform actions such as creating, modif...

CVE-2015-4592

The CVE-2015-4592 entry concerns eClinicalWorks Population Health (CCMR) Client Portal Software. A SQL injection vulnerability exists in portalUserService.jsp that allows remote authenticated users to inject arbitrary malicious database commands as part of user input. The issue is documented acro...

CVE-2015-4594

CVE-2015-4594 affects eClinicalWorks Population Health CCMR Client Portal. The root cause is a missing new session ID upon user authentication, enabling session fixation by reusing an existing session ID. The vulnerability implies potential compromise of active sessions (high/critical impact per ...

CVE-2015-4593

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

CVE-2015-4591

CVE-2015-4591 relates to the eClinicalWorks Population Health (CCMR) Client Portal. The vulnerability is a cross-site scripting (XSS) weakness in login.jsp that allows injection of arbitrary JavaScript via the strMessage parameter. The underlying issue is insufficient input sanitization of this p...

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

EClinicalWorks Population Health (CCMR) Client Portal Session Fixation Vulnerability

EClinicalWorks Population Health a.k.a. eClinicalWorks CCMR is a suite of population health solutions from EClinicalWorks, Inc. in the U.S. Client Portal is one of the portals. A session fixation vulnerability exists in the EClinicalWorks Population Health Client Portal that can be exploited by a...

EClinicalWorks Population Health Client Portal SQL Injection Vulnerability

EClinicalWorks Population Health is a suite of population health solutions from EClinicalWorks, Inc. that provides dashboard analytics, patient appointment scheduling, care planning, and a secure network for patient referrals, among other features.Client Portal is one of these portals. SQL...

EClinicalWorks Population Health Client Portal Cross-Site Scripting Vulnerability

EClinicalWorks Population Health is a suite of population health solutions from EClinicalWorks, Inc. that provides dashboard analytics, patient appointment scheduling, care planning, and a secure network for patient referrals, among other features.Client Portal is one of these portals. A cross-si...

EClinicalWorks Population Health Client Portal Cross-Site Request Forgery Vulnerability

EClinicalWorks Population Health is a suite of population health solutions from EClinicalWorks, Inc. that provides dashboard analytics, patient appointment scheduling, care planning, and a secure network for patient referrals, among other features.Client Portal is one of these portals. A cross-si...

eClinicalWorks (CCMR) - Multiple Vulnerabilities

Title: eClinicalWorks CCMR - Multiple Vulnerabilities Vendor: https://www.eclinicalworks.com Product: eClinicalWorks Population Health CCMR Client Portal Software URL: https://www.eclinicalworks.com/products-services/population-health-ccmr/ Credit: Jerold Hoong -----------------------------------...