{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T10:51:05.020","vulnerabilities":[{"cve":{"id":"CVE-2024-3699","sourceIdentifier":"cvd@cert.pl","published":"2024-06-10T12:15:10.243","lastModified":"2025-10-03T09:15:34.553","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0."},{"lang":"es","value":"El uso de una contraseña codificada para la base de datos de los pacientes permite a un atacante recuperar datos confidenciales almacenados en la base de datos. La contraseña es la misma en todas las instalaciones de drEryk Gabinet. Este problema afecta a las versiones del software drEryk Gabinet desde la 7.0.0.0 hasta la 9.17.0.0."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-259"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dreryk:gabinet:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0.0","versionEndExcluding":"9.17.0.0","matchCriteriaId":"BA6C7053-964C-430E-88D2-94943DA6DFFD"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2024/06/CVE-2024-1228/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/06/CVE-2024-1228/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://dreryk.pl/produkty/gabinet/","source":"cvd@cert.pl","tags":["Product"]},{"url":"https://cert.pl/en/posts/2024/06/CVE-2024-1228/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/06/CVE-2024-1228/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://dreryk.pl/produkty/gabinet/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}