CVE-2024-3699
9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red
Summary
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| drEryk sp. z o.o. | drEryk Gabinet | 7.0.0.0 <= 9.17.0.0. | affected |
Weaknesses
- CWE-259: CWE-259 Use of Hard-coded Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://cert.pl/en/posts/2024/06/CVE-2024-1228/
- https://cert.pl/posts/2024/06/CVE-2024-1228/
- https://dreryk.pl/produkty/gabinet/
References
- https://cert.pl/en/posts/2024/06/CVE-2024-1228/
- https://cert.pl/posts/2024/06/CVE-2024-1228/
- https://dreryk.pl/produkty/gabinet/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.