Gracepotmap

**Name of the Vulnerable Software and Affected Versions** openmrs-module-fhir2 versions prior to 2.5.0 **Description** The issue concerns the openmrs-module-fhir2, which provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions prior to 2.5.0, privileges were not always correctly checked, allowing unauthorized users to potentially add or edit data they were not supposed to access. **Recommendations** For openmrs-module-fhir2 versions prior to 2.5.0, update to FHIR2 2.5.0 or newer as soon as feasible to receive a patch.