Lucene search

CERT-PLCVELIST:CVE-2024-3700

HistoryJun 10, 2024 - 11:19 a.m.

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

2024-06-1011:19:54

CWE-798

CERT-PL

www.cve.org

cve-2024-3700

hardcoded password

estomed sp. z o.o.

simple care software

sensitive data

database

security vulnerability

no longer supported

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

EPSS

0.001

Percentile

39.1%

JSON

Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.

This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Simple Care",
    "vendor": "Estomed Sp. z o.o.",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1228/

cert.pl/posts/2024/06/CVE-2024-1228/

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

EPSS

0.001

Percentile

39.1%

JSON

Related for CVELIST:CVE-2024-3700