Skip to content
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Telusuri untuk mempelajari tentang produk dan solusi InterSystems, peluang karier, dan banyak lagi.
Home
Peringatan & Saran Produk
Advisory: Registry Does Not Check %HS_EmergencyAccess Role on Consent Override

Advisory: Registry Does Not Check %HS_EmergencyAccess Role on Consent Override

26 Juni, 2023

This problem affects the following product:

  • HealthShare Unified Care Record: All versions up to and included 2022.2

A patient search can include a request for “emergency access”, also known as a consent override or “Break the Glass”. The Patient Search user interface enforces that the user must have the %HS_EmergencyAccess role.

However, when the UCR Registry receives a PatientSearchRequest message with emergency access specified, the Registry does not validate that the requesting user has the %HS_EmergencyAccess role.

Because this message is only used for system-to-system communication within HealthShare Unified Care Record, the risk of this issue is relatively low and it would be very difficult for an end user to exploit this behavior. All access events are still audited.

This issue is corrected in Unified Care Record 2023.1.

An ad hoc patch to correct the issue is available for most older versions, although some particularly old versions may not have this option. Please contact the Worldwide Response Center (WRC) and refer to HSDD-954.

 
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

17 April, 2025
Peringatan & Saran Produk
InterSystems Security Public Notification
InterSystems has addressed security vulnerabilities that impact applications using OAuth2 Client configurations on InterSystems IRIS, InterSystems IRIS for Health, HealthShare, HealthShare HealthConnect, TrakCare, Caché, and Ensemble. Remediation steps and additional guidance documentation are available from the InterSystems Worldwide Response Center (WRC).
buttonText
02 April, 2025
Peringatan & Saran Produk
April 2, 2025 – Alert: InterSystems IRIS 2024.3 – AIX JSON Parsing Issue & IntegratedML Incompatibilities
Product & Versions Affected Explicit Requirements DP-439207 InterSystems IRIS® data platform 2024.3 (AIX) AIX installations Using JSON processing and Unicode non-Latin-1 character sets DP-439280 InterSystems IRIS 2024.3 (containers with IntegratedML) IntegratedML Containers using TensorFlow
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Patient Access Events Should Be Recorded by Client ID for CMS-0057
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Patient Delete API Now Available
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: FHIR Server Search Chaining May Return Incomplete or Incorrect Results on Certain Parameters
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: FHIR Session Flush Can Result in Consent Failure
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: DSUB ATNA Logging Creates Orphaned Messages and Global Growth
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Clinical Viewer User Security Group May Be Incorrect When Under Heavy Load
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Non-Unique Aggregation Keys Can Cause Key Collisions on Pure Query Edge Gateways
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Error in the Matching Weight for Name Frequency when Using a Non-Default Locale in Patient Index
This problem affects the following products:
buttonText