CVE-2012-4952

Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
dentrixg5
𝑥
≤ 15.1.293
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.dentrix.com/support/software-updates/g5.aspx
http://www.kb.cert.org/vuls/id/948155
http://www.kb.cert.org/vuls/id/JALR-8ZRHUK
http://www.dentrix.com/support/software-updates/g5.aspx
http://www.kb.cert.org/vuls/id/948155
http://www.kb.cert.org/vuls/id/JALR-8ZRHUK