Multiple Vulnerabilities Found In Healthcare Software OpenEMR

January 27, 2023

Researchers have identified three separate vulnerabilities in OpenEMR, an open-source software package for electronic health records and medical practice management.

Clean code experts at Sonar published an advisory on Wednesday about the flaws, which were discovered by security researcher Dennis Brinkrolf.

“During our security analysis of popular web applications, we discovered several code vulnerabilities in OpenEMR,” Brinkrolf wrote.


“A combination of these vulnerabilities allows remote attackers to execute arbitrary system commands on any OpenEMR server and to steal sensitive patient data. In the worst case, they can compromise the entire critical infrastructure.”

The security expert said that the company’s static application security testing (SAST) engine uncovered that two of these three vulnerabilities combined could lead to unauthenticated remote code execution (RCE).

“In summary, an attacker can use the reflected XSS, upload a PHP file […] and then use the path traversal via the Local File Inclusion to execute the PHP file. It takes a few attempts to figure out the correct Unix timestamp but eventually leads to remote code execution.”

As for the third vulnerability, it allowed attackers to configure OpenEMR in a certain way in order to ultimately steal user data.

“In other words, if OpenEMR is set up accordingly, an unauthenticated attacker can read files such as certificates, passwords, tokens, and backups from an OpenEMR instance via a rogue MySQL server,” Brinkrolf said.

The security researcher added that Sonar reported all issues to the OpenEMR maintainers on October 24, 2022, who then released a patch to version 7.., fixing all three vulnerabilities seven days later.

“If you are using OpenEMR, we strongly recommend updating to the fixed versions mentioned above,” the Sonar article concluded. “We want to thank the OpenEMR team for their professional and fast responses and patches.”

The patched vulnerabilities come almost five years after researchers at Project Insecurity found about 20 flaws (now fixed) in OpenEMR.
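The quote above describes a chain in which a path traversal reaches a Local File Inclusion. As an added illustration (not code from the Sonar advisory or from OpenEMR), the following Python shows the two defensive controls a maintainer or SOC analyst would want for that vulnerability class: a server-side containment check that refuses any include path escaping its base directory, and a log-side detector that flags traversal sequences in request paths even when they are URL-encoded. The base directory, the `page=` parameter and the access-log lines are constructed sample values, not OpenEMR's real paths or parameters.

```python
import os
import re
from pathlib import Path
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample: the only directory the application may include files from.
# Hypothetical path, chosen for illustration; not an OpenEMR path.
BASE_DIR = Path("/var/www/app/templates")


def resolve_include(base_dir: Path, requested: str) -> Optional[Path]:
    """Return the absolute path for `requested` only if it stays inside base_dir.

    Rejects NUL bytes (which truncate paths in C-backed runtimes), absolute
    paths, and any '..' segments that would climb out of base_dir. The check is
    done on path components via Path.relative_to, so a sibling directory whose
    name merely starts with the base name (e.g. 'templates2') is also rejected.
    """
    if "\x00" in requested:
        return None
    candidate = base_dir / requested          # absolute `requested` replaces base_dir
    # normpath collapses '..' and '.' lexically without touching the filesystem,
    # so the check works before the file exists. It does NOT resolve symlinks;
    # use Path.resolve() as well when the tree may contain attacker-made links.
    normalized = Path(os.path.normpath(candidate))
    try:
        normalized.relative_to(base_dir)
    except ValueError:
        return None
    return normalized


def has_traversal(url_path: str) -> bool:
    """Detect '..' traversal in a request path after URL-decoding.

    Decodes twice so double-encoded forms such as %252e%252e%252f are caught.
    """
    decoded = unquote(unquote(url_path))
    return "../" in decoded or "..\\" in decoded


# Constructed access-log lines (Common Log Format) for the detector; the second
# line carries a URL-encoded traversal in the hypothetical `page` parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Jan/2023:10:00:01 +0000] "GET /index.php?page=default HTTP/1.1" 200 512',
    '203.0.113.5 - - [27/Jan/2023:10:00:02 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fhostname HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Jan/2023:10:00:03 +0000] "GET /static/img/logo.png HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_requests(lines: List[str]) -> List[str]:
    """Return the log lines whose request path contains a traversal sequence."""
    flagged = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for req in ("header.tpl", "../../../etc/hostname", "/etc/hostname", "sub/../header.tpl"):
        print(f"{req!r:28} -> {resolve_include(BASE_DIR, req)}")
    for hit in flag_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The containment check is the fix-side control: whatever an include parameter contains, the application only ever opens a path that `relative_to` proves is under the allowed directory. The detector is the monitoring-side control and is deliberately a blunt heuristic; it will also fire on benign paths that happen to contain `../`, so treat hits as triage input rather than proof of compromise.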


Some parts of this article are sourced from:
www.infosecurity-journal.com
