CVE-2020-5732

Summary

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators.

Affected Software

VendorProductVersion RangeStatus
n/aOpenMRSVersions 2.90 and prioraffected

Weaknesses

  • Authentication Bypass

ADP Enrichment

CVE Program Container

Additional References

References