7578 matches found
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
Hardcoded credentials
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
PT-2022-24046 · Patterson Dental · Patterson Dental Eaglesoft
Name of the Vulnerable Software and Affected Versions: Patterson Dental Eaglesoft version 21 Description: The issue concerns the encryption mechanism in Patterson Dental Eaglesoft. Although it uses AES-256 encryption, there are two methods to obtain the keyfile, which are through keybackup.data...
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
CVE-2022-37710
Patterson Dental Eaglesoft 21 uses AES-256, but the keyfile and salt are hardcoded into a DLL/EXE. Two access paths to the keyfile exist: keybackup.data > License > Encryption Key and Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key, enabling local attackers ...
CVE-2022-40263
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...
CVE-2022-40263
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...
Hardcoded credentials
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...
CVE-2022-40263 BD Totalys MultiProcessor - Hardcoded Credentials
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...
CVE-2022-40263
BD Totalys MultiProcessor (versions 1.70 and earlier) is affected by a hard-coded credentials vulnerability. Exploitation would require local access (or physical access if networked) to the system, with low attack complexity and user interaction not needed. Successful exploitation could allow an ...
CVE-2022-40263 BD Totalys MultiProcessor - Hardcoded Credentials
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...
CVE-2022-20868
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...
CVE-2022-20868
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...
Hardcoded credentials
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...
PT-2022-25308 · Bd +1 · Bd Totalys Multiprocessor +1
Name of the Vulnerable Software and Affected Versions: BD Totalys MultiProcessor versions 1.70 and earlier Description: The issue concerns hardcoded credentials in the software, which could allow threat actors to access, modify, or delete sensitive information, including electronic protected heal...
CVE-2022-20868
CVE-2022-20868 affects Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance. The root cause is a hardcoded value used to encrypt a token for certain API calls, enabling an authenticated, remote attacker with valid credentials to impersonate anot...
CVE-2022-20868
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...