Skip to content
Explore more InterSystems sites:
Germany
Alemania
Australia New Zealand
Australia y Nueva Zelanda
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Spain
España
United States
EE. UU.
Finland
Finlandia
France
Francia
Hungary
Hungría
indonesian flag
Indonesia
Italy
Italia
Japan
Japón
Middle East Region
Medio Oriente
United Kingdom Ireland
Reino Unido
Czech Republic
República Checa
Middle East Region
Singapur
South Africa
Sudáfrica
Sweden
Suecia
Explore more InterSystems sites:
Germany
Alemania
Australia New Zealand
Australia y Nueva Zelanda
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Spain
España
United States
EE. UU.
Finland
Finlandia
France
Francia
Hungary
Hungría
indonesian flag
Indonesia
Italy
Italia
Japan
Japón
Middle East Region
Medio Oriente
United Kingdom Ireland
Reino Unido
Czech Republic
República Checa
Middle East Region
Singapur
South Africa
Sudáfrica
Sweden
Suecia
Busque para obtener información sobre los productos y soluciones de InterSystems, las oportunidades de carrera y más.
Home
Product Alerts & Advisories
Advisory: Security Vulnerability When Using HealthShare as a SAML Service Provider

Advisory: Security Vulnerability When Using HealthShare as a SAML Service Provider

may 20, 2025

This problem affects the following products:

  • All versions of HealthShare® products

Requirements:

  • A HealthShare SAML Service Provider (SP) configuration

A medium severity security issue has been found in HealthShare Unified Care Record and the HealthShare suite of products when the environment has HealthShare configured as a SAML Service Provider.

The CVSS base score is 5 and the vector is:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C/CR:H/IR:L/AR:L/MAV:N/MAC:H/MPR:L/MUI:N/MS:U/MC:H/MI:L/MA:L

The correction for this defect is identified as HSIEO-3983, which is included in HealthShare 2025.1 and all future product releases. It is also available for older versions via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

feb 10, 2026
Product Alerts & Advisories
Advisory: Custom Agreement Function Causes Error During Linkage Rebuild
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Deleted HealthShare Namespaces May Only Be Partially Removed from the Federation
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Consent Filtering Does Not Block Demographics from Appearing on a Clinician’s Recently Viewed Patient List
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: ApplyConsent Setting for IHE Patient Query Processes is Disabled by Default
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Purge Task for Expire and Query Edge Gateways Does Not Delete All Expired MRNs
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Purge Task for Expire and Query Edge Gateways Fails to Complete Due to Streamlet Matcher Errors
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Database Deletion Fail-Safe Option
This problem affects all versions the following products prior to 2025.2:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Orphaned Care Plans After Multiple Patient Merges
This problem affects the following products:
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: HealthShare Does Not Support a Single Edge Gateway That Ingests Both CCDA Documents and HL7v2 Messages
This problem affects all versions of Unified Care Record and Information Exchange.
buttonText
feb 10, 2026
Product Alerts & Advisories
Advisory: Web Gateway Apache Web Server Logs Request PHI and Potentially the JWT Token Credential
This problem affects all versions of the following products:
buttonText
View All Alerts & Advisories