CVE-2021-25920
Published
CVSS v3
6.5
MEDIUM
CVSS v2
5.5
MEDIUM
Affected
1
PROJECT
Description
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
The most popular open source electronic health records and medical practice management solution.
GitHub