CVE-2018-19276
CRITICAL 9.8
Description
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/21/2019
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
openmrs:openmrs
Weaknesses (CWE)
CWE-502
References
http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html (cve@mitre.org)
http://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html (cve@mitre.org)
https://know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserialization (cve@mitre.org)
https://talk.openmrs.org/t/critical-security-advisory-cve-2018-19276-2019-02-04/21607 (cve@mitre.org)
https://www.exploit-db.com/exploits/46327/ (cve@mitre.org)
http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
https://know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserialization (af854a3a-2127-422b-91ae-364da2661108)
https://talk.openmrs.org/t/critical-security-advisory-cve-2018-19276-2019-02-04/21607 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46327/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.