eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
eClinicalWorks Population Health (CCMR) suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.