Vulnerabilities > CVE-2018-19276 - Deserialization of Untrusted Data vulnerability in Openmrs
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id EDB-ID:47792 last seen 2019-12-18 modified 2019-12-18 published 2019-12-18 reporter Exploit-DB source https://www.exploit-db.com/download/47792 title OpenMRS - Java Deserialization RCE (Metasploit) file exploits/java/webapps/46327.txt id EDB-ID:46327 last seen 2019-02-05 modified 2019-02-05 platform java port published 2019-02-05 reporter Exploit-DB source https://www.exploit-db.com/download/46327 title OpenMRS Platform < 2.24.0 - Insecure Object Deserialization type webapps
Metasploit
description | OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the `webservices.rest` module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a Rest API endpoint such as `/ws/rest/v1/concept`. This module uses an XML payload generated with Marshalsec that targets the ImageIO component of the XStream library. Tested on OpenMRS Platform `v2.1.2` and `v2.21` with Java 8 and Java 9. |
id | MSF:EXPLOIT/MULTI/HTTP/OPENMRS_DESERIALIZATION |
last seen | 2020-06-14 |
modified | 2019-12-04 |
published | 2019-11-05 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/openmrs_deserialization.rb |
title | OpenMRS Java Deserialization RCE |
Packetstorm
data source https://packetstormsecurity.com/files/download/151553/openmrsplatform-deserialize.txt id PACKETSTORM:151553 last seen 2019-02-06 published 2019-02-06 reporter Bishop Fox source https://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html title OpenMRS Platform Insecure Object Deserialization data source https://packetstormsecurity.com/files/download/155691/openmrs_deserialization.rb.txt id PACKETSTORM:155691 last seen 2019-12-17 published 2019-12-17 reporter Nicolas Serra source https://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html title OpenMRS Java Deserialization Remote Code Execution
References
- http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html
- http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html
- http://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html
- https://know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserialization
- https://know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserialization
- https://talk.openmrs.org/t/critical-security-advisory-cve-2018-19276-2019-02-04/21607
- https://talk.openmrs.org/t/critical-security-advisory-cve-2018-19276-2019-02-04/21607
- https://www.exploit-db.com/exploits/46327/
- https://www.exploit-db.com/exploits/46327/