CVE-2021-40352

Medium

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of…

mitre·CWE-639·Published 2021-09-01

CVSS

6.5

EPSS

0.10

KEV

Exploits

cve.orgen

149 chars

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.

NVDen

149 chars

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.

OpenEMR versión 6.0.0, presenta una vulnerabilidad de Referencia Directa a Objetos Inseguros en pnotes_print.php?noteid= por medio de la cual un atacante puede leer los mensajes de todos los usuarios

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N