October 15, 2020 – Alert: HS2020-08: HealthShare Alerts

This post is part of the HealthShare HS2020-08 Alert communications process.  The same information is also distributed:

There are 2 alerts in the HealthShare HS2020-08 Alert communication, and outlined in the Alert Summary table below.  The detail is contained in the attached document: HealthShare HS2020-08

These alerts do not affect HealthShare Health Connect or HSAP customers

Alert

Product & Versions Affected

Risk Category & Score

HS2020-08-01: Negation in CDA Documents is Ignored by HealthShare. Update to Alert HS2020-04-01All versions of HealthShare Information Exchange and Unified Care Record.Varies based on data
HS2020-08-02: CSRF Vulnerability when using HealthShare as a SAML Service Provider for Single Sign-On from a Third-Party ApplicationInterSystems HealthShare® Unified Care Record 2019.1, 2019.2, and 2020.13-Medium Risk
(Security)

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).