NVD

Id
41792  
Name
CVE-2013-6945  
Description
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-12-04  
Modified Date
2014-02-25  
Seq
2013-6945  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
211114 41792 CVE-2013-6945 http://www.darkreading.com/vulnerability/anatomy-of-an-electronic-health-record-e/240164441/  View
211115 41792 CVE-2013-6945 http://www.osehra.org/blog/m2m-broker-security-patch  View
211116 41792 CVE-2013-6945 http://www.osehra.org/blog/vista-patch-available-osehra  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
23781 JVNDB-2013-005356 OSEHRA VistA の M2M Broker における認証を回避される脆弱性 OSEHRA VistA の M2M Broker には、通常の認証および医師専用アクションの実行の認証を回避され、患者の記録を読まれる、または変更される脆弱性が存在します。 CVE-2013-6945 66887 CVE-2013-6945 41792 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005356.html 2013-09-30 2015-08-03 View