This problem affects the following products:
- HealthShare Unified Care Record: all version up to and including 2022.2
A single user interface page has been identified as a vector for URL redirect abuse in the HealthShare Unified Care Record versions listed. URL redirect abuse is associated with phishing scams and attempts to steal user credentials.
The CVSS 3.1 base score for this vulnerability has been calculated to be 5.4 with the following vector string:
This has been corrected as of version 2023.1.
The correction for this defect is identified as HSIEO-6980, which will be included in all future product releases. It is also available via Ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).