CVE-2024-50588

CVE-2024-50588: Unprotected Exposed Firebird Database with default credentials

Vendor Hasomed
Product Elefant
Weakness CWE-1393
Published November 8, 2024
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").

Key dates

02Disclosure timeline

November 8, 2024 CVE published
November 3, 2025 Record updated