CVE-2024-3699 CRITICAL

CVE-2024-3699: Hardcoded password in drEryk Gabinet

Vendor Dreryk Sp. Z O.o.
Product drEryk Gabinet
Weakness CWE-259
Published June 10, 2024
Last update October 3, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red

What the vulnerability does

01 Description

Use of a hard-coded password for the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same across all drEryk Gabinet installations. This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.

Key dates

02 Disclosure timeline

June 10, 2024 CVE published
October 3, 2025 Record updated