Skip to main content

Openmrs CVE-2014-8072

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2014-10-23 cve@mitre.org
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 23, 2014 - 14:55 cve.org
MEDIUM 4.0

DescriptionCVE.org

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.

AnalysisAI

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. Affected products include: Openmrs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-12796 CRITICAL POC
9.8 Oct 23

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.

CVE-2022-23612 HIGH POC
7.5 Feb 22

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical rec

CVE-2014-8073 MEDIUM POC
6.8 Oct 23

Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the

CVE-2020-5733 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login pag

CVE-2020-5732 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page

CVE-2020-5731 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medi

CVE-2020-5730 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated

CVE-2020-5729 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which

CVE-2020-5728 MEDIUM POC
6.1 Apr 17

OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (suc

CVE-2025-25925 MEDIUM POC
4.8 Mar 11

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web sc

CVE-2014-8071 MEDIUM POC
4.3 Oct 23

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject a

Share

CVE-2014-8072 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy