What is CVE-2018-19276?

CVE-2018-19276 is a critical-severity vulnerability in N/a. CVSS score: 10.0/10. Published 2019-03-17.

How severe is CVE-2018-19276?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2018-19276 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-19276

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deseriali… (x_refsource_MISC)
46327 (exploit, x_refsource_EXPLOIT-DB)
packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-E… (x_refsource_MISC)
know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserializat… (x_refsource_MISC)
talk.openmrs.org/t/critical-security-advisory-cve-2018-19276-2019-02-04/21607 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-19276?: CVE-2018-19276 is a critical-severity vulnerability in N/a. CVSS score: 10.0/10. Published 2019-03-17.
How severe is CVE-2018-19276?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2018-19276 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.