Vulnerabilities > CVE-2018-19276 - Deserialization of Untrusted Data vulnerability in Openmrs

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
openmrs
CWE-502
critical
exploit available
metasploit

Summary

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

Common Weakness Enumeration (CWE)

Exploit-Db

  • idEDB-ID:47792
    last seen2019-12-18
    modified2019-12-18
    published2019-12-18
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/47792
    titleOpenMRS - Java Deserialization RCE (Metasploit)
  • fileexploits/java/webapps/46327.txt
    idEDB-ID:46327
    last seen2019-02-05
    modified2019-02-05
    platformjava
    port
    published2019-02-05
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/46327
    titleOpenMRS Platform < 2.24.0 - Insecure Object Deserialization
    typewebapps

Metasploit

descriptionOpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the `webservices.rest` module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a Rest API endpoint such as `/ws/rest/v1/concept`. This module uses an XML payload generated with Marshalsec that targets the ImageIO component of the XStream library. Tested on OpenMRS Platform `v2.1.2` and `v2.21` with Java 8 and Java 9.
idMSF:EXPLOIT/MULTI/HTTP/OPENMRS_DESERIALIZATION
last seen2020-06-14
modified2019-12-04
published2019-11-05
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/openmrs_deserialization.rb
titleOpenMRS Java Deserialization RCE

Packetstorm