CVE-2025-46823

HIGH Year: 2025
Weakness Type
CWE-862
View all →

Vulnerability Description

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

Related Vulnerabilities

CVE-2021-37535

CRITICAL
CVSS:10.0(Critical)

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

CWE-8622021

CVE-2022-0543

CRITICAL
CVSS:10.0(Critical)

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CWE-8622022

CVE-2024-33566

CRITICAL
CVSS:10.0(Critical)

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.

CWE-8622024

CVE-2024-52416

CRITICAL
CVSS:10.0(Critical)

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.

CWE-8622024

CVE-2024-6071

CRITICAL
CVSS:10.0(Critical)

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

CWE-8622024

CVE-2024-6500

CRITICAL
CVSS:10.0(Critical)

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all...

CWE-8622024