Lucene search

CERT-PLVULNRICHMENT:CVE-2024-1228

HistoryJun 10, 2024 - 11:13 a.m.

CVE-2024-1228 Hardcoded password in Eurosoft Przychodnia

2024-06-1011:13:44

CWE-798

CERT-PL

github.com

cve-2024-1228

hardcoded password

eurosoft przychodnia

database security

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

27.3%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations.

This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:eurosoftsp.zo.o:eurosoft_przychodina:20240417.001:*:*:*:*:*:*:*"
    ],
    "vendor": "eurosoftsp.zo.o",
    "product": "eurosoft_przychodina",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "20240417.001",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1228/

cert.pl/posts/2024/06/CVE-2024-1228/

www.eurosoft.com.pl/eurosoft-przychodnia

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

27.3%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-1228