CVE-2024-3700

CRITICAL

Estomed Sp. z o.o. Simple Care - Info Disclosure

Title source: llm

Description

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

References (2)

[Third Party Advisory] https://cert.pl/en/posts/2024/06/CVE-2024-1228/

[Third Party Advisory] https://cert.pl/posts/2024/06/CVE-2024-1228/

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

estomed/simple_care

Published Jun 10, 2024

Tracked Since Feb 18, 2026