Authentication and Authorization Bypass in OSEHRA VistA M2M Broker
CVE-2013-6945 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
Learn more about our Web Application Penetration Testing UK.