Lucene search

CERT-PLVULNRICHMENT:CVE-2024-3699

HistoryJun 10, 2024 - 11:18 a.m.

CVE-2024-3699 Hardcoded password in drEryk Gabinet

2024-06-1011:18:16

CWE-798

CERT-PL

github.com

cve-2024-3699

hardcoded password

dreryk gabinet

sensitive data

database security

software vulnerability

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dreryk:gabinet:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dreryk",
    "product": "gabinet",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0.0",
        "versionType": "custom",
        "lessThanOrEqual": "9.17.0.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1228/

cert.pl/posts/2024/06/CVE-2024-1228/

dreryk.pl/produkty/gabinet/

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-3699