CVE-2015-4453

Name: CVE-2015-4453
Creator: NVD / NIST
Published: 2015-07-05T01:59:00.973+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.87%

Last modified Jun 17, 2026

CVE-2015-4453 is a vulnerability of currently unknown severity. interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.. EPSS estimates a 2.87% chance of exploitation in the next 30 days.

Description

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

Metrics

EPSS Probability

2.87%

85.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Open-Emr	Openemr	2.8.3
Open-Emr	Openemr	2.9.0
Open-Emr	Openemr	3.0.1
Open-Emr	Openemr	3.1.0
Open-Emr	Openemr	3.2.0
Open-Emr	Openemr	4.0.0
Open-Emr	Openemr	4.1.0
Open-Emr	Openemr	4.1.1
Open-Emr	Openemr	4.1.2
Open-Emr	Openemr	4.2.0

References

http://jvn.jp/en/jp/JVN22677713/index.htmlVendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000092Vendor Advisory
http://packetstormsecurity.com/files/132368/OpenEMR-4.2.0-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2015/Jun/48
http://www.open-emr.org/wiki/index.php/OpenEMR_PatchesPatch, Vendor Advisory
http://www.securityfocus.com/bid/75299
http://jvn.jp/en/jp/JVN22677713/index.htmlVendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000092Vendor Advisory
http://packetstormsecurity.com/files/132368/OpenEMR-4.2.0-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2015/Jun/48
http://www.open-emr.org/wiki/index.php/OpenEMR_PatchesPatch, Vendor Advisory
http://www.securityfocus.com/bid/75299

Timeline

Published: Jul 5, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-4453?

How severe is CVE-2015-4453?

Severity scoring for CVE-2015-4453 is pending analysis. The EPSS model estimates a 2.87% probability of exploitation in the next 30 days.

How do I fix CVE-2015-4453?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-4453?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST