OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the webservices.rest module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a Rest API endpoint such as /ws/rest/v1/concept. This Metasploit module uses an XML payload generated with Marshalsec that targets the ImageIO component of the XStream library. Tested on OpenMRS Platform v2.1.2 and v2.21 with Java 8 and Java 9.
6f1e855ade450fdc21c2afb884ec83e11fd67f1b304b45c6db40c7d5cf974dc7OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability.
9bf1c1fe0961989653634a152fe1a2263d4a1488abc16bf63c5f68b95b248603
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed