Vulnerabilities > CVE-2018-19276 - Deserialization of Untrusted Data vulnerability in Openmrs

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openmrs

CWE-502

critical

exploit available

metasploit

NVD

Published: 2019-03-21

Updated: 2023-03-03

Summary

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

Vulnerable Configurations

Part	Description	Count
Application	Openmrs Openmrs Openmrs 2.0.0 Openmrs Openmrs 2.0.1 Openmrs Openmrs 2.0.2 Openmrs Openmrs 2.0.3 Openmrs Openmrs 2.0.4 Openmrs Openmrs 2.0.4.1 Openmrs Openmrs 2.0.5 Openmrs Openmrs 2.0.6 Openmrs Openmrs 2.0.7 Openmrs Openmrs 1.12.0 Openmrs Openmrs 2.1.0 Openmrs Openmrs 2.1.1 Openmrs Openmrs 2.1.2 Openmrs Openmrs 2.1.3	19

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Exploit-Db

id EDB-ID:47792
last seen 2019-12-18
modified 2019-12-18
published 2019-12-18
reporter Exploit-DB
source https://www.exploit-db.com/download/47792
title OpenMRS - Java Deserialization RCE (Metasploit)

file	exploits/java/webapps/46327.txt
id	EDB-ID:46327
last seen	2019-02-05
modified	2019-02-05
platform	java
port
published	2019-02-05
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46327
title	OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
type	webapps

Metasploit

description	OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the `webservices.rest` module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a Rest API endpoint such as `/ws/rest/v1/concept`. This module uses an XML payload generated with Marshalsec that targets the ImageIO component of the XStream library. Tested on OpenMRS Platform `v2.1.2` and `v2.21` with Java 8 and Java 9.
id	MSF:EXPLOIT/MULTI/HTTP/OPENMRS_DESERIALIZATION
last seen	2020-06-14
modified	2019-12-04
published	2019-11-05
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19276 https://talk.openmrs.org/t/critical-security-advisory-cve-2018-19276-2019-02-04/21607 https://know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserialization https://github.com/mpgn/CVE-2018-19276/
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/openmrs_deserialization.rb
title	OpenMRS Java Deserialization RCE

Packetstorm

data source	https://packetstormsecurity.com/files/download/151553/openmrsplatform-deserialize.txt
id	PACKETSTORM:151553
last seen	2019-02-06
published	2019-02-06
reporter	Bishop Fox
source	https://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html
title	OpenMRS Platform Insecure Object Deserialization

data source	https://packetstormsecurity.com/files/download/155691/openmrs_deserialization.rb.txt
id	PACKETSTORM:155691
last seen	2019-12-17
published	2019-12-17
reporter	Nicolas Serra
source	https://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html
title	OpenMRS Java Deserialization Remote Code Execution

id	EDB-ID:47792
last seen	2019-12-18
modified	2019-12-18
published	2019-12-18
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47792
title	OpenMRS - Java Deserialization RCE (Metasploit)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Packetstorm

References