Command Execution Vulnerability in OpenEMR by OpenEMR
CVE-2019-3968

8.8HIGH

Key Information:

Vendor: Open-emr
Status: Openemr
Vendor: CVE Published:; 20 August 2019

What is CVE-2019-3968?

In versions of OpenEMR prior to 5.0.2, a security weakness exists that enables authenticated attackers to execute arbitrary commands on the host system by exploiting the Scanned Forms interface during the creation of new forms. This flaw presents a significant risk, as it allows malicious users to perform unauthorized actions and potentially compromise system integrity.

Affected Version(s)

OpenEMR 5.0.1 and earlier

References

https://www.tenable.com/security/research/tra-2019-40

x_refsource_MISC

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Jan 3, 2019

CVE-2019-3968 Data

JSON

Open-emr

What is CVE-2019-3968?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline