Vulnerability Details : CVE-2012-4952
Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.
Products affected by CVE-2012-4952
- cpe:2.3:a:dentrix:g5:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4952
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4952
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-4952
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4952
-
http://www.kb.cert.org/vuls/id/JALR-8ZRHUK
VU#948155 - Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installationsUS Government Resource
-
http://www.kb.cert.org/vuls/id/948155
VU#948155 - Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installationsUS Government Resource
-
http://www.dentrix.com/support/software-updates/g5.aspx
Dental Software - Dental Practice Management Software - DentrixVendor Advisory
Jump to