OpenClinic GA Vulnerabilities

Threat ID:: CC-3536
Category:
Threat Severity:: Low
Threat Vector:
Published:: 7 July 2020 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

OpenClinic GA - Versions 5.09.02 and 5.89.05b

Threat details

Introduction

Security researchers have disclosed details of several vulnerabilities affecting the OpenClinic GA open-source integrated hospital information management system. They claim that an unauthenticated attacker on the same network could exploit some or all of these vulnerabilities to access or edit sensitive information, bypass authentication, or execute arbitrary code.

Remediation advice

At the time of publication, OpenClinic's maintainers have confirmed they are aware of the vulnerabilities but have not provided any details of work to address or mitigate them.

Affected organisations are encouraged to update to the latest version of OpenClinic GA to obtain any security updates as they become available.

Remediation steps

Type	Step
Patch	Apply all appropriate updates. https://sourceforge.net/projects/open-clinic/files/Releases/

Definitive source of threat updates

Last edited: 8 July 2020 12:43 pm