Reconnecting to live updates…

CVE-2024-50588: CWE-1393 Use of Default Password in HASOMED Elefant

Critical

VulnerabilityCVE-2024-50588cve cve-2024-50588 cwe-1393 cwe-419

Published: Fri Nov 08 2024 (11/08/2024, 08:37:03 UTC)

Source: CVE Database V5

Vendor/Project: HASOMED

Product: Elefant

Description

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").

Technical Details

Data Version: 5.2
Assigner Short Name: SEC-VLab
Date Reserved: 2024-10-25T07:26:12.628Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 69092eea35043901e82cab1d

Added to database: 11/3/2025, 10:38:34 PM

Last updated: 11/3/2025, 10:45:52 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.