CVE-2017-12796 - OpenCVE

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openmrs	Openmrs

Configuration 1 [-]

cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html
https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291
https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-23T04:00:00

Updated: 2024-08-05T18:51:06.168Z

Reserved: 2017-08-10T00:00:00

Link: CVE-2017-12796

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-23T04:29:00.210

Modified: 2017-11-21T16:26:50.230

Link: CVE-2017-12796

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T03:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"tags": ["x_refsource_MISC"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291", "refsource": "MISC", "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"name": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1", "refsource": "MISC", "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"name": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html", "refsource": "MISC", "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:51:06.168Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12796", "datePublished": "2017-10-23T04:00:00", "dateReserved": "2017-08-10T00:00:00", "dateUpdated": "2024-08-05T18:51:06.168Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC2390B4-BFC2-454E-8A9C-705E364A507D", "versionEndExcluding": "2.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request."}, {"lang": "es", "value": "Reporting Compatibility Add On en versiones anteriores a la 2.0.4 para OpenMRS, tal y como se distribuye en OpenMRS Reference Application en versiones anteriores a la 2.6.1, no autentica usuarios cuando deserializa entradas XML en objetos ReportSchema. El resultado es que usuarios remotos no autenticados pueden ejecutar comandos del sistema operativo manipulando cargas \u00fatiles XML maliciosas, tal y como demuestra una \u00fanica petici\u00f3n admin/reports/reportSchemaXml.form."}], "id": "CVE-2017-12796", "lastModified": "2017-11-21T16:26:50.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-23T04:29:00.210", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}