Unrated severityNVD Advisory· Published Jul 5, 2015· Updated May 6, 2026
CVE-2015-4453
CVE-2015-4453
Description
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.
Affected products
10cpe:2.3:a:open-emr:openemr:2.8.3:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:open-emr:openemr:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:open-emr:openemr:4.2.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.open-emr.org/wiki/index.php/OpenEMR_PatchesnvdPatchVendor Advisory
- jvn.jp/en/jp/JVN22677713/index.htmlnvdVendor Advisory
- jvndb.jvn.jp/jvndb/JVNDB-2015-000092nvdVendor Advisory
- packetstormsecurity.com/files/132368/OpenEMR-4.2.0-Authentication-Bypass.htmlnvd
- seclists.org/fulldisclosure/2015/Jun/48nvd
- www.securityfocus.com/bid/75299nvd
News mentions
0No linked articles in our index yet.