All the vulnerabilites related to HASOMED - Elefant
cve-2024-50593
Vulnerability from cvelistv5
Published
2024-11-08 12:06
Modified
2024-11-08 15:41
Severity ?
EPSS score ?
Summary
Hardcoded Service Password
References
| ▼ | URL | Tags |
|---|---|---|
| https://r.sec-consult.com/hasomed | third-party-advisory | |
| https://hasomed.de/produkte/elefant/ | patch |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elefant",
"vendor": "hasomed",
"versions": [
{
"lessThan": "24.03.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50593",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T15:40:19.870560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:41:42.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Elefant",
"vendor": "HASOMED",
"versions": [
{
"status": "affected",
"version": "\u003c24.03.03",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Niemann, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn attacker with local access to the medical office computer can \naccess restricted functions of the Elefant Service tool by using a \nhard-coded \"Hotline\" password in the Elefant service binary, which is shipped with the software.\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An attacker with local access to the medical office computer can \naccess restricted functions of the Elefant Service tool by using a \nhard-coded \"Hotline\" password in the Elefant service binary, which is shipped with the software."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T12:06:28.619Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hasomed"
},
{
"tags": [
"patch"
],
"url": "https://hasomed.de/produkte/elefant/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\"\u003ehasomed.de/produkte/elefant/\u003c/a\u003e or via the Elefant Software Updater.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Service Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhile workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.\u003c/p\u003e"
}
],
"value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-50593",
"datePublished": "2024-11-08T12:06:28.619Z",
"dateReserved": "2024-10-25T07:26:12.628Z",
"dateUpdated": "2024-11-08T15:41:42.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50589
Vulnerability from cvelistv5
Published
2024-11-08 11:34
Modified
2024-11-08 15:31
Severity ?
EPSS score ?
Summary
Unprotected FHIR API
References
| ▼ | URL | Tags |
|---|---|---|
| https://r.sec-consult.com/hasomed | third-party-advisory | |
| https://hasomed.de/produkte/elefant/ | patch |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elefant",
"vendor": "hasomed",
"versions": [
{
"lessThan": "24.04.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50589",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T15:26:43.414872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:31:49.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Elefant",
"vendor": "HASOMED",
"versions": [
{
"status": "affected",
"version": "\u003c24.04.00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Niemann, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn unauthenticated attacker with access to the local network of the \nmedical office can query an unprotected Fast Healthcare Interoperability\n Resources (FHIR) API to get access to sensitive electronic health \nrecords (EHR).\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated attacker with access to the local network of the \nmedical office can query an unprotected Fast Healthcare Interoperability\n Resources (FHIR) API to get access to sensitive electronic health \nrecords (EHR)."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T11:34:33.967Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hasomed"
},
{
"tags": [
"patch"
],
"url": "https://hasomed.de/produkte/elefant/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor fixed the issue in version 24.04.00\u0026nbsp;(or higher) which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\"\u003ehasomed.de/produkte/elefant/\u003c/a\u003e or via the Elefant Software Updater.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vendor fixed the issue in version 24.04.00\u00a0(or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unprotected FHIR API",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhile workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.\u003c/p\u003e"
}
],
"value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-50589",
"datePublished": "2024-11-08T11:34:33.967Z",
"dateReserved": "2024-10-25T07:26:12.628Z",
"dateUpdated": "2024-11-08T15:31:49.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50590
Vulnerability from cvelistv5
Published
2024-11-08 11:45
Modified
2024-11-08 15:35
Severity ?
EPSS score ?
Summary
Local Privilege Escalation via Weak Service Binary Permissions
References
| ▼ | URL | Tags |
|---|---|---|
| https://r.sec-consult.com/hasomed | third-party-advisory | |
| https://hasomed.de/produkte/elefant/ | patch |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elefant",
"vendor": "hasomed",
"versions": [
{
"lessThan": "24.04.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T15:33:19.207618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:35:03.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Elefant",
"vendor": "HASOMED",
"versions": [
{
"status": "affected",
"version": "\u003c24.04.00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Niemann, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAttackers with local access to the medical office computer can \nescalate their Windows user privileges to \"NT AUTHORITY\\SYSTEM\" by \noverwriting one of two Elefant service binaries with weak permissions.\u0026nbsp;The default installation directory of Elefant is \"C:\\Elefant1\" which is \nwritable for all users. In addition, the Elefant installer registers two\n Firebird database services which are running as \u201cNT AUTHORITY\\SYSTEM\u201d.\u0026nbsp;\u003c/p\u003e\u003cp\u003ePath: C:\\Elefant1\\Firebird_2\\bin\\fbserver.exe\u003c/p\u003e\u003cp\u003ePath: C:\\Elefant1\\Firebird_2\\bin\\fbguard.exe\u003cbr\u003e\u003c/p\u003e\u003cp\u003eBoth service binaries are user writable. This means that a local \nattacker can rename one of the service binaries, replace the service \nexecutable with a new executable, and then restart the system. Once the \nsystem has rebooted, the new service binary is executed as \"NT \nAUTHORITY\\SYSTEM\".\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Attackers with local access to the medical office computer can \nescalate their Windows user privileges to \"NT AUTHORITY\\SYSTEM\" by \noverwriting one of two Elefant service binaries with weak permissions.\u00a0The default installation directory of Elefant is \"C:\\Elefant1\" which is \nwritable for all users. In addition, the Elefant installer registers two\n Firebird database services which are running as \u201cNT AUTHORITY\\SYSTEM\u201d.\u00a0\n\nPath: C:\\Elefant1\\Firebird_2\\bin\\fbserver.exe\n\nPath: C:\\Elefant1\\Firebird_2\\bin\\fbguard.exe\n\n\nBoth service binaries are user writable. This means that a local \nattacker can rename one of the service binaries, replace the service \nexecutable with a new executable, and then restart the system. Once the \nsystem has rebooted, the new service binary is executed as \"NT \nAUTHORITY\\SYSTEM\"."
}
],
"impacts": [
{
"capecId": "CAPEC-642",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-642 Replace Binaries"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T11:45:04.756Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hasomed"
},
{
"tags": [
"patch"
],
"url": "https://hasomed.de/produkte/elefant/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor fixed the issue in version 24.04.00\u0026nbsp;(or higher) which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\"\u003ehasomed.de/produkte/elefant/\u003c/a\u003e or via the Elefant Software Updater.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vendor fixed the issue in version 24.04.00\u00a0(or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation via Weak Service Binary Permissions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhile workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.\u003c/p\u003e"
}
],
"value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-50590",
"datePublished": "2024-11-08T11:45:04.756Z",
"dateReserved": "2024-10-25T07:26:12.628Z",
"dateUpdated": "2024-11-08T15:35:03.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50588
Vulnerability from cvelistv5
Published
2024-11-08 08:37
Modified
2024-11-08 15:24
Severity ?
EPSS score ?
Summary
Unprotected Exposed Firebird Database with default credentials
References
| ▼ | URL | Tags |
|---|---|---|
| https://r.sec-consult.com/hasomed | third-party-advisory | |
| https://hasomed.de/produkte/elefant/ | patch |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elefant",
"vendor": "hasomed",
"versions": [
{
"lessThan": "24.03.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50588",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T15:22:07.112507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:24:00.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Elefant",
"vendor": "HASOMED",
"versions": [
{
"status": "affected",
"version": "\u003c24.03.03",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Niemann, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\").\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\")."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-419",
"description": "CWE-419 Unprotected Primary Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:37:03.702Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hasomed"
},
{
"tags": [
"patch"
],
"url": "https://hasomed.de/produkte/elefant/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\"\u003ehasomed.de/produkte/elefant/\u003c/a\u003e or via the Elefant Software Updater.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unprotected Exposed Firebird Database with default credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhile workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.\u003c/p\u003e"
}
],
"value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-50588",
"datePublished": "2024-11-08T08:37:03.702Z",
"dateReserved": "2024-10-25T07:26:12.628Z",
"dateUpdated": "2024-11-08T15:24:00.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}