CVE-2022-2732

Missing Authorization in openemr/openemr

Severity Score

8.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

Una Administración inapropiada de Privilegios en el repositorio de GitHub openemr/openemr versiones anteriores a 7.0.0.1

*Credits: N/A

CVSS Scores

NISTv3.1 8.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-09 CVE Reserved
2022-08-09 CVE Published
2024-03-01 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-862: Missing Authorization

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533	2024-08-03

URL	Date	SRC
https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6	2024-02-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Open-emr Search vendor "Open-emr"		Openemr Search vendor "Open-emr" for product "Openemr"				< 7.0.0.1 Search vendor "Open-emr" for product "Openemr" and version " < 7.0.0.1"		-		Affected