{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T03:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"tags": ["x_refsource_MISC"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291", "refsource": "MISC", "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"name": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1", "refsource": "MISC", "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"name": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html", "refsource": "MISC", "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:51:06.168Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12796", "datePublished": "2017-10-23T04:00:00", "dateReserved": "2017-08-10T00:00:00", "dateUpdated": "2024-08-05T18:51:06.168Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC2390B4-BFC2-454E-8A9C-705E364A507D", "versionEndExcluding": "2.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request."}, {"lang": "es", "value": "Reporting Compatibility Add On en versiones anteriores a la 2.0.4 para OpenMRS, tal y como se distribuye en OpenMRS Reference Application en versiones anteriores a la 2.6.1, no autentica usuarios cuando deserializa entradas XML en objetos ReportSchema. El resultado es que usuarios remotos no autenticados pueden ejecutar comandos del sistema operativo manipulando cargas \u00fatiles XML maliciosas, tal y como demuestra una \u00fanica petici\u00f3n admin/reports/reportSchemaXml.form."}], "id": "CVE-2017-12796", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-23T04:29:00.210", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}