Openmrs · Openmrs · CVE-2018-19276
**Name of the Vulnerable Software and Affected Versions**
OpenMRS versions prior to 2.24.0
**Description**
The issue allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. This is due to an Insecure Object Deserialization vulnerability.
**Recommendations**
For versions prior to 2.24.0, update to version 2.24.0 or later to resolve the issue.