CVE-2024-3700

EPSS 0.11%
Veröffentlicht 10.06.2024 12:15:10
Zuletzt bearbeitet 03.10.2025 09:15:34
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.

This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Estomed ≫ Simple Care

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.307

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvd@cert.pl	9.3	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cert.pl/en/posts/2024/06/CVE-2024-1228/

Third Party Advisory

https://cert.pl/posts/2024/06/CVE-2024-1228/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3700

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3700

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3700

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-3700