Auth bypass in Open-emr Openemr

CVE-2015-4453

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fa…

Vulnerability class: Broken Authentication

EPSS: 0.409 (97.5th percentile)

Frequently asked questions

What is CVE-2015-4453?
CVE-2015-4453 is a vulnerability in Open-emr Openemr, classified under Improper Authentication. Published 2015-07-05.
Is CVE-2015-4453 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.