Vulnerability Details : CVE-2014-8072
Potential exploit
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
Products affected by CVE-2014-8072
- cpe:2.3:a:openmrs:openmrs:2.1:*:*:*:standalone:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8072
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8072
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-8072
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8072
-
http://www.securityfocus.com/bid/70664
OpenMRS Multiple Security Vulnerabilities
-
http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html
OpenMRS 2.1 Access Bypass / XSS / CSRF ≈ Packet StormExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/97693
OpenMRS administration module security bypass CVE-2014-8072 Vulnerability Report
Jump to