CVE-2022-2732 HIGH

CVE-2022-2732: Missing Authorization in openemr/openemr

Vendor Openemr

Product openemr/openemr

Weakness CWE-862 · Missing authorization

Published August 9, 2022

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

Key dates

02Disclosure timeline

August 9, 2022 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2732 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-32224 WordPress Privyr CRM plugin <= 1.0.2 - Broken Access Control vulnerability CVE-2025-30824 WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability CVE-2025-11632 Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions CVE-2024-9025 Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title CVE-2024-32692 WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability