Skip to content
Use the search to find information about InterSystems products and solutions, career opportunities, and more.

Advisory: Security Vulnerability When Using HealthShare as a SAML Service Provider

This problem affects the following products:

  • All versions of HealthShare® products

Requirements:

  • A HealthShare SAML Service Provider (SP) configuration

A medium severity security issue has been found in HealthShare Unified Care Record and the HealthShare suite of products when the environment has HealthShare configured as a SAML Service Provider.

The CVSS base score is 5 and the vector is:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C/CR:H/IR:L/AR:L/MAV:N/MAC:H/MPR:L/MUI:N/MS:U/MC:H/MI:L/MA:L

The correction for this defect is identified as HSIEO-3983, which is included in HealthShare 2025.1 and all future product releases. It is also available for older versions via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).

RELATED TOPICS

Latest Alerts & Advisories

23 jul 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
23 jul 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
10 jun 2025
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:
20 mei 2025
This problem affects the following products: