MEDHOST Document Management System におけるハードコードされた認証情報の使用に関する脆弱性
| Title |
MEDHOST Document Management System におけるハードコードされた認証情報の使用に関する脆弱性
|
| Summary |
MEDHOST Document Management System には、ハードコードされた認証情報の使用に関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
July 27, 2017, midnight |
| Registration Date |
Sept. 6, 2017, 5:18 p.m. |
| Last Update |
Sept. 6, 2017, 5:18 p.m. |
|
CVSS3.0 : 緊急
|
| Score |
9.1
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
CVSS2.0 : 警告
|
| Score |
6.4
|
| Vector |
AV:N/AC:L/Au:N/C:P/I:P/A:N |
Affected System
| MEDHOST, Inc. |
|
MEDHOST Document Management System
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2017年09月06日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2017-11694
| Summary |
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents.
|
| Publication Date |
July 28, 2017, 10:29 p.m. |
| Registration Date |
Jan. 26, 2021, 1:13 p.m. |
| Last Update |
Nov. 21, 2024, 12:08 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:medhost:medhost_document_management_system:-:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List