Vulnerability Description
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dreryk | Gabinet | >= 7.0.0.0, < 9.17.0.0 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/06/CVE-2024-1228/Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-1228/Third Party Advisory
- https://dreryk.pl/produkty/gabinet/Product
- https://cert.pl/en/posts/2024/06/CVE-2024-1228/Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-1228/Third Party Advisory
- https://dreryk.pl/produkty/gabinet/Product
FAQ
What is CVE-2024-3699?
CVE-2024-3699 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue af...
How severe is CVE-2024-3699?
CVE-2024-3699 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-3699?
Check the references section above for vendor advisories and patch information. Affected products include: Dreryk Gabinet.