October 15, 2020
This post is part of the HealthShare HS2020-08 Alert communications process. The same information is also distributed:
There are 2 alerts in the HealthShare HS2020-08 Alert communication, and outlined in the Alert Summary table below. The detail is contained in the attached document: HealthShare HS2020-08
These alerts do not affect HealthShare Health Connect or HSAP customers
|Alert||Product & Versions Affected||Risk Category & Score|
|HS2020-08-01: Negation in CDA Documents is Ignored by HealthShare. Update to Alert HS2020-04-01||All versions of HealthShare Information Exchange and Unified Care Record.||Varies based on data|
|HS2020-08-02: CSRF Vulnerability when using HealthShare as a SAML Service Provider for Single Sign-On from a Third-Party Application||InterSystems HealthShare® Unified Care Record 2019.1, 2019.2, and 2020.1||3-Medium Risk (Security)|
If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).