N/A

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.

N/A

N/A

EClinicalWorks Population Health Client Portal 跨站请求伪造漏洞

EClinicalWorks Population Health（又名eClinicalWorks CCMR）是美国EClinicalWorks公司的一套人口健康解决方案，它提供仪表板分析、患者预约、护理计划和患者转诊安全网络等功能。Client Portal是其中的一个门户网站。 eClinicalWorks Population Health中的portalUserService.jsp文件存在安全漏洞。远程攻击者可利用该漏洞劫持内容管理员的身份验证。

N/A

N/A