exploitDog

CVE-2024-3699

Опубликовано: 10 июн. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.

Ссылки

https://cert.pl/en/posts/2024/06/CVE-2024-1228/
Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-1228/
Third Party Advisory
https://dreryk.pl/produkty/gabinet/
Product
https://cert.pl/en/posts/2024/06/CVE-2024-1228/
Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-1228/
Third Party Advisory
https://dreryk.pl/produkty/gabinet/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dreryk:gabinet:*:*:*:*:*:*:*:*

Версия от 7.0.0.0 (включая) до 9.17.0.0 (исключая)

EPSS

Процентиль: 33%

0.00126

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-259

CWE-798

Связанные уязвимости

GHSA-j37r-fj8f-2g89

CVSS3: 9.8

github

больше 1 года назад

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.

EPSS

Процентиль: 33%

0.00126

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-259

CWE-798