CVE-2020-5733

Summary

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.

Affected Software

VendorProductVersion RangeStatus
n/aOpenMRSVersions 2.90 and prioraffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References