CVE-2016-4328

EUVD-2016-5328
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
medhostperioperative_information_management_system
-
𝑥
= Vulnerable software versions
References
http://www.kb.cert.org/vuls/id/482135
http://www.kb.cert.org/vuls/id/482135