Skip to main content

Eaglesoft

3 CVEs product

Monthly

CVE-2022-37710 HIGH This Week

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data >. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Eaglesoft
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-35193 HIGH POC This Week

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eaglesoft
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2016-2343 CRITICAL Act Now

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eaglesoft
NVD
CVSS 3.0
9.8
EPSS
0.5%
EPSS 0% CVSS 7.8
HIGH This Week

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data >. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Eaglesoft
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eaglesoft
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eaglesoft
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy