CVE-2024-50588
CRITICALDescription
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-50588? +
How severe is CVE-2024-50588? +
How do I check if I'm vulnerable to CVE-2024-50588? +
Related Vulnerabilities
The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open …
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent …
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user …
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end …
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with …