Search criteria
1 vulnerability by dreryk
CVE-2024-3699 (GCVE-0-2024-3699)
Vulnerability from cvelistv5 – Published: 2024-06-10 11:18 – Updated: 2025-10-03 09:02
VLAI
Title
Hardcoded password in drEryk Gabinet
Summary
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-259 - Use of Hard-coded Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/06/CVE-2024-1228/ | third-party-advisory |
| https://cert.pl/posts/2024/06/CVE-2024-1228/ | third-party-advisory |
| https://dreryk.pl/produkty/gabinet/ | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| drEryk sp. z o.o. | drEryk Gabinet |
Affected:
7.0.0.0 , ≤ 9.17.0.0.
(custom)
|
|
| dreryk | gabinet |
Affected:
7.0.0.0 , ≤ 9.17.0.0
(custom)
cpe:2.3:a:dreryk:gabinet:*:*:*:*:*:*:*:* |
Date Public
2024-06-10 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dreryk:gabinet:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gabinet",
"vendor": "dreryk",
"versions": [
{
"lessThanOrEqual": "9.17.0.0",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T17:04:15.430477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T14:29:17.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1228/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/06/CVE-2024-1228/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://dreryk.pl/produkty/gabinet/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "drEryk Gabinet",
"vendor": "drEryk sp. z o.o.",
"versions": [
{
"lessThanOrEqual": "9.17.0.0.",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of hard-coded password to the patients\u0027 database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all\u0026nbsp;drEryk Gabinet installations.\u003cp\u003eThis issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.\u003c/p\u003e"
}
],
"value": "Use of hard-coded password to the patients\u0027 database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all\u00a0drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T09:02:57.709Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1228/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/06/CVE-2024-1228/"
},
{
"tags": [
"product"
],
"url": "https://dreryk.pl/produkty/gabinet/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hardcoded password in drEryk Gabinet",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-3699",
"datePublished": "2024-06-10T11:18:16.709Z",
"dateReserved": "2024-04-12T08:51:41.949Z",
"dateUpdated": "2025-10-03T09:02:57.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}