History: Jun 10, 2024 - 11:18 a.m.

CVE-2024-3699 Hardcoded password in drEryk Gabinet

Date: 2024-06-10 11:18:16
CWE: CWE-798
CNA: CERT-PL
Source: www.cve.org
Tags: hardcoded password, dreryk gabinet, data breach, cve-2024-3699, software vulnerability

CVSS4: 9.3 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

EPSS: 0.001 Low
Percentile: 27.4%

Use of a hard-coded password for the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same across all drEryk Gabinet installations. This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "drEryk Gabinet",
    "vendor": "drEryk sp. z o.o.",
    "versions": [
      {
        "lessThanOrEqual": "9.17.0.0.",
        "status": "affected",
        "version": "7.0.0.0",
        "versionType": "custom"
      }
    ]
  }
]
