Skip to content
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Search to learn about InterSystems products and solutions, career opportunities, and more.
Home
Product Alerts & Advisories
Advisory: Security Vulnerability When Using HealthShare as a SAML Service Provider

Advisory: Security Vulnerability When Using HealthShare as a SAML Service Provider

May 20, 2025

This problem affects the following products:

  • All versions of HealthShare® products

Requirements:

  • A HealthShare SAML Service Provider (SP) configuration

A medium severity security issue has been found in HealthShare Unified Care Record and the HealthShare suite of products when the environment has HealthShare configured as a SAML Service Provider.

The CVSS base score is 5 and the vector is:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C/CR:H/IR:L/AR:L/MAV:N/MAC:H/MPR:L/MUI:N/MS:U/MC:H/MI:L/MA:L

The correction for this defect is identified as HSIEO-3983, which is included in HealthShare 2025.1 and all future product releases. It is also available for older versions via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

May 20, 2025
Product Alerts & Advisories
Advisory: XDS.b Document Repository Should Be Notify and Query
This issue affects all versions of HealthShare®:
More
May 20, 2025
Product Alerts & Advisories
Advisory: Transform May Discard HL7 Medication Administration Instructions in FHIR Output
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: Session Timeout Ineffective for Navigation Application and Clinical Viewer
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: A Second Care Plan Using the Same Patient and Template Prevents Deletion of the Original Care Plan
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: Manual Step for ODS Mirror Upgrade
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: PIX Manager Process Causes Requests to Be Associated with Wrong User
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: Portal Login Failures with HealthShare Federated SSO
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: Error Handling for Patient Registry MPIID Mismatch
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: Upgrade Process May Be Delayed Due to OAuth2.0 Metadata Purge
This problem affects the following products:
More
May 20, 2025
Product Alerts & Advisories
Advisory: HealthShare Service Registry Endpoints Calculated Incorrectly When Using Ports 443 or 80
This problem affects the following HealthShare® products:
More

Sign Up Today

Receive notifications on support alerts, critical issues,
fixes, and product releases.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required
By submitting this form, you give consent to receive notifications concerning support alerts, critical issues, important updates, fixes, and product releases via email. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.
**By clicking here, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products, offerings, and events.