Lucene search

K
nvd[email protected]NVD:CVE-2024-3700
HistoryJun 10, 2024 - 12:15 p.m.

CVE-2024-3700

2024-06-1012:15:10
CWE-798
web.nvd.nist.gov
9
cve-2024-3700
estomed sp. z o.o simple care
sensitive data retrieval

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.1%

Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.

This issue affectsΒ Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

Affected configurations

Nvd
Node
estomedsimple_care
VendorProductVersionCPE
estomedsimple_care*cpe:2.3:a:estomed:simple_care:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.1%

Related for NVD:CVE-2024-3700