CVE-2016-6531

EPSS 3.27%
Veröffentlicht 24.09.2016 10:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306.  NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opendental ≫ Opendental Version <= 16.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.27%	0.86

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://www.kb.cert.org/vuls/id/619767

Third Party Advisory

US Government Resource

http://www.kb.cert.org/vuls/id/GWAN-ACVSBM

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/92780

https://nvd.nist.gov/vuln/detail/CVE-2016-6531

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6531

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6531

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-6531