Vulnerability Details CVE-2023-54347
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.8%
CVSS Severity
CVSS v3 Score 7.5
References