How severe is CVE-2017-9656?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2017-9656?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2017-9656

CRITICAL Year: 2017

CVSS v3 Score

9.1

Critical

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-798

View all →

Vulnerability Description

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

CVE-2008-2369

CRITICAL

CVSS:9.1(Critical)

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user acc...

CWE-7982008

CVE-2013-10002

CRITICAL

CVSS:9.1(Critical)

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwin...

CWE-7982013

CVE-2016-8491

CRITICAL

CVSS:9.1(Critical)

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.

CWE-7982016

CVE-2017-11693

CRITICAL

CVSS:9.1(Critical)

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate d...

CWE-7982017

CVE-2017-11694

CRITICAL

CVSS:9.1(Critical)

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directl...

CWE-7982017

CVE-2018-11311

CRITICAL

CVSS:9.1(Critical)

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories,...

CWE-7982018

CVE-2017-9656

Vulnerability Description

Related Vulnerabilities

CVE-2008-2369

CVE-2013-10002

CVE-2016-8491

CVE-2017-11693

CVE-2017-11694

CVE-2018-11311