CVE-2024-3699

Summary

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.

Affected Software

VendorProductVersion RangeStatus
drEryk sp. z o.o.drEryk Gabinet7.0.0.0 <= 9.17.0.0.affected

Weaknesses

  • CWE-259: CWE-259 Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References