Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.
AnalysisAI
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. Affected products include: Patterson Dental Eaglesoft.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across di
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > Li
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today