Incorrect Execution-Assigned Permissions

CVE-2024-37734

High

9.8/10

Summary

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-279 - Incorrect Execution-Assigned Permissions

While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

References

Advisory Timeline

Published Jun 26, 2024

Incorrect Execution-Assigned Permissions

CVE-2024-37734

Summary

CWE-279 - Incorrect Execution-Assigned Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS