Authentication and Authorization Bypass in OSEHRA VistA M2M Broker

Authentication and Authorization Bypass in OSEHRA VistA M2M Broker

CVE-2013-6945 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."

Learn more about our Web Application Penetration Testing UK.