Skip to main content

Population Health

4 CVEs product

Monthly

CVE-2015-4594 CRITICAL POC THREAT Emergency

eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Authentication Bypass Population Health
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.3%
CVE-2015-4593 HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Population Health
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4592 HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Population Health
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-4591 MEDIUM POC This Month

eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Population Health
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Emergency

eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Authentication Bypass Population Health
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Population Health
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Population Health
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Population Health
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy