Vulnerabilities > CVE-2014-9736 - Credentials Management vulnerability in Gehealthcare Centricity Clinical Archive Audit Trail Repository

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

gehealthcare

CWE-255

critical

NVD

Published: 2015-08-04

Updated: 2015-08-04

Summary

GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.

Vulnerable Configurations

Part	Description	Count
Application	Gehealthcare Gehealthcare Centricity Clinical Archive Audit Trail Repository *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA&DIRECTION=DOC1474072&FILENAME=DOC1474072_ATR_InstSvcMan.pdf&FILEREV=--&DOCREV_ORG=--
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://twitter.com/digitalbond/status/619250429751222277