Lucene search

CERT-PLCVELIST:CVE-2024-1228

HistoryJun 10, 2024 - 11:13 a.m.

CVE-2024-1228 Hardcoded password in Eurosoft Przychodnia

2024-06-1011:13:44

CWE-798

CERT-PL

www.cve.org

cve-2024-1228; eurosoft przychodnia; hard-coded password; data retrieval; software vulnerability; sensitive data.

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

EPSS

0.001

Percentile

27.3%

JSON

Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations.

This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Eurosoft Przychodnia",
    "vendor": "EuroSoft Sp. z o. o.",
    "versions": [
      {
        "lessThan": "20240417.001",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1228/

cert.pl/posts/2024/06/CVE-2024-1228/

www.eurosoft.com.pl/eurosoft-przychodnia

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

EPSS

0.001

Percentile

27.3%

JSON

Related for CVELIST:CVE-2024-1228