CVE-2017-12796
The CVE-2017-12796 issue affects the OpenMRS Reporting Compatibility Add On prior to 2.0.4 (distributed in the OpenMRS Reference Application prior to 2.6.1). It does not authenticate users during XML deserialization into ReportSchema objects, allowing remote unauthenticated users to execute opera...