Vulnerabilities > CVE-2016-4328 - Unspecified vulnerability in Medhost Perioperative Information Management System

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

medhost

critical

NVD

Published: 2016-06-10

Updated: 2016-06-10

Summary

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.

Vulnerable Configurations

Part	Description	Count
Application	Medhost Medhost Perioperative Information Management System -	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/143539/medhost-dms-psql-solr.txt
id	PACKETSTORM:143539
last seen	2017-08-01
published	2017-07-27
reporter	Allen Franks
source	https://packetstormsecurity.com/files/143539/MEDHOST-Document-Management-System-Hardcoded-Credentials.html
title	MEDHOST Document Management System Hardcoded Credentials

data source	https://packetstormsecurity.com/files/download/143480/medhost-hmscxpdn-hardcoded-credentials.txt
id	PACKETSTORM:143480
last seen	2017-07-26
published	2017-07-25
reporter	Allen Franks
source	https://packetstormsecurity.com/files/143480/MEDHOST-Connex-Hard-Coded-Credentials.html
title	MEDHOST Connex Hard-Coded Credentials

data source	https://packetstormsecurity.com/files/download/143582/medhostconnex-passwd.txt
id	PACKETSTORM:143582
last seen	2017-08-02
published	2017-07-31
reporter	Allen Franks
source	https://packetstormsecurity.com/files/143582/MEDHOST-Connex-Hardcoded-Password.html
title	MEDHOST Connex Hardcoded Password

References

http://www.kb.cert.org/vuls/id/482135