Skip to main content

Opendental

4 CVEs product

Monthly

CVE-2018-15719 CRITICAL Act Now

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opendental
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-15718 HIGH This Week

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opendental
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-15717 MEDIUM This Month

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opendental
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-6531 CRITICAL Act Now

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opendental
NVD
CVSS 3.1
9.8
EPSS
3.3%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opendental
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opendental
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opendental
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opendental
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy