PT-2025-5647 · Openmrs · Attachment Mod+5

Published 2025-01-30 · Updated 2025-01-30

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
- OpenMRS Platform versions prior to 2.6.11
- OpenMRS Platform version 2.5 and earlier, except for version 2.5.14 and later
- Legacy UI OMOD versions prior to 1.21.0
- ID Gen OMOD versions prior to 4.14.0
- Address Hierarchy OMOD versions prior to 2.19.0
- Attachments OMOD versions prior to 3.6.0
- Patient Flags OMOD versions prior to 3.0.8

Description: This advisory covers several security problems, including broken access control, a phishing vulnerability, and stored XSS. The issues were found during a penetration test of OpenMRS performed by a third-party company. No estimate of the number of potentially affected devices is provided. The affected code lies in modules commonly used in older OpenMRS applications. After the fixes were applied, the OpenMRS O3 RefApp met a Security Level of “Excellent, Grade A”.

Recommendations:
- Upgrade OpenMRS Platform to version 2.6.11 or higher.
- Upgrade OpenMRS Platform version 2.5 to version 2.5.14 or higher.
- Upgrade Legacy UI OMOD to version 1.21.0 or higher.
- Upgrade ID Gen OMOD to version 4.14.0 or higher.
- Upgrade Address Hierarchy OMOD to version 2.19.0 or higher.
- Upgrade Attachments OMOD to version 3.6.0 or higher.
- Upgrade Patient Flags OMOD to version 3.0.8 or higher.

Weakness Enumeration

Improper Access Control
Open Redirect
Generation of Error Message Containing Sensitive Information

Related Identifiers

GHSA-VPXM-CR3R-PJP9

Affected Products

Address Hierarchy Omod
Attachment Mod
Id Gen Omod
Legacy Ui Omod
Openmrs Platform
Patient Flags Omod