CVE-2021-32101 - Vulnerability Details - OpenCVE

ReportizFlow

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Open-emr	Openemr

Configuration 1 [-]

cpe:2.3:a:open-emr:openemr:5.0.2.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431
https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-07T03:50:56

Updated: 2024-08-03T23:17:28.950Z

Reserved: 2021-05-07T00:00:00

Link: CVE-2021-32101

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-07T04:15:07.387

Modified: 2024-11-21T06:06:50.690

Link: CVE-2021-32101

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-07T03:50:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"}, {"tags": ["x_refsource_MISC"], "url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"}, {"tags": ["x_refsource_MISC"], "url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"}, {"tags": ["x_refsource_MISC"], "url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-32101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability", "refsource": "MISC", "url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"}, {"name": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592", "refsource": "MISC", "url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"}, {"name": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431", "refsource": "MISC", "url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"}, {"name": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal", "refsource": "MISC", "url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:28.950Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32101", "datePublished": "2021-05-07T03:50:56", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:28.950Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:5.0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BCFA8AD2-1361-43D5-9580-A7F43B3390D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient."}, {"lang": "es", "value": "El Patient Portal of OpenEMR versi\u00f3n 5.0.2.1, est\u00e1 afectado por un sistema de control de acceso incorrecto en el archivo portal/patient/_machine_config.php. Para explotar la vulnerabilidad, un atacante no autenticado puede registrar una cuenta, sin pasar por la comprobaci\u00f3n de permisos de la API de este portal. Luego, el atacante puede manipular y leer los datos de cada paciente registrado"}], "id": "CVE-2021-32101", "lastModified": "2024-11-21T06:06:50.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-05-07T04:15:07.387", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "[email protected]", "type": "Primary"}]}