CVE-2012-4952

Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.dentrix.com/support/software-updates/g5.aspx	Vendor Advisory
http://www.kb.cert.org/vuls/id/948155	US Government Resource
http://www.kb.cert.org/vuls/id/JALR-8ZRHUK	US Government Resource
http://www.dentrix.com/support/software-updates/g5.aspx	Vendor Advisory
http://www.kb.cert.org/vuls/id/948155	US Government Resource
http://www.kb.cert.org/vuls/id/JALR-8ZRHUK	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:dentrix:g5:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-05-01 12:00

Updated : 2025-04-11 00:51

NVD link : CVE-2012-4952

Mitre link : CVE-2012-4952

CVE.ORG link : CVE-2012-4952

JSON object : View

Products Affected

dentrix

g5

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2012-4952", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-01T12:00:07.190", "references": [{"url": "http://www.dentrix.com/support/software-updates/g5.aspx", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/948155", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.dentrix.com/support/software-updates/g5.aspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/948155", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation."}, {"lang": "es", "value": "Henry Schein Dentrix G5 anterior a v15.1.294 tiene una contrase\u00f1a de base de datos interna que es compartida a trav\u00e9s de instalaciones de diferentes clientes, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de pacientes mediante el aprovechamiento del conocimiento de esta contrase\u00f1a desde otras instalaciones."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dentrix:g5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF548A1-752D-44FA-BD92-D1431A5D96A3", "versionEndIncluding": "15.1.293"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}