PT-2024-27234 · Unknown · Dreryk Gabinet

Published: 2024-06-10 · Updated: 2025-10-03 · CVE-2024-3699

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: drEryk Gabinet versions 7.0.0.0 through 9.17.0.0

Description: The issue is related to the use of a hard-coded password to access the patients' database, allowing an attacker to retrieve sensitive data. This password is uniform across all drEryk Gabinet installations.

Recommendations: For versions 7.0.0.0 through 9.17.0.0, consider changing the hard-coded password to a unique and secure password for each installation as a temporary workaround. Restrict access to the patients' database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2024-3699

Affected Products: Dreryk Gabinet