Cross-Site Request Forgery (CSRF) Vulnerability in eClinicalWorks Population Health (CCMR) Allows Unauthorized User Manipulation

Cross-Site Request Forgery (CSRF) Vulnerability in eClinicalWorks Population Health (CCMR) Allows Unauthorized User Manipulation

CVE-2015-4593 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.

Learn more about our User Device Pen Test.