cvedb.io
CVE-2018-19276
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2019-03-21T16:00:30.390 · Last modified 2026-06-17T01:49:03.607

Summary

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

Affected products

openmrs — openmrs

Does this affect you?

Add your gear to cvedb and we'll alert you only when openmrs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.