PT-2021-20829 · Patterson · Eaglesoft

Published: 2021-07-30 · Updated: 2021-08-11 · CVE-2021-35193

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Patterson Eaglesoft versions 18 through 21

Description: The issue allows remote access to SQL database credentials because the same certificate authentication is accepted across different customers' installations running the same software version. Normally, retrieving these credentials requires a username/password authentication step, but since this step is enforced only on the client side, an attacker can develop a custom client that bypasses it.

Recommendations: For versions 18 through 21, consider restricting access to the SQL database credentials until a fix is available, and ensure that any custom client development adheres to the required authentication steps so that unauthorized access is prevented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Certificate Validation


Weakness Enumeration

Related Identifiers: CVE-2021-35193

Affected Products: Eaglesoft