Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more.

InterSystems Security Notification - Sept 18, 2018

September 18, 2018 – InterSystems Security Notification

InterSystems has discovered security vulnerabilities in Caché and therefore also in Ensemble, HealthShare and TrakCare. While those vulnerabilities were only recently discovered, they impact all versions of Caché and all versions of Ensemble and HealthShare. The vulnerabilities were corrected in InterSystems IRIS Data Platform before the product was released.

Remediation steps and additional guidance documentation are available from InterSystems Worldwide Response Center (WRC).  The remediation steps might require downtime and do affect customer applications.  Any InterSystems product distribution that you receive after June 11, 2018 contains the corrections for these vulnerabilities.

Please reference “January 2018 SV” when discussing this vulnerability.

For assistance with remediation contact your Application Provider or InterSystems  Worldwide Response Center.

Latest Alerts & Advisories

Oct 10, 2025
This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.
Oct 07, 2025
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
Oct 07, 2025
Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL
Oct 07, 2025
This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892
Sep 30, 2025
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
Sep 24, 2025
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
Sep 03, 2025
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
Jul 23, 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
Jul 23, 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).