
CVE-2016-4328

Published: 10/06/2016 Updated: 10/06/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) prior to 2015R1 has hardcoded credentials, which makes it easier for remote malicious users to obtain sensitive information via direct requests to the application database server.

Vulnerable Product

medhost perioperative information management system -

Exploits

MEDHOST Document Management System contains hard-coded credentials used for customer database and Apache Solr access ...
MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access ...
MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access ...

Recent Articles

CERT warns of hardcoded creds in medical app
The Register • Darren Pauli • 30 May 2016

Patch or miscreants could doctor records

The US computer emergency response team has issued a warning after admin credentials were found in a popular medical application used for acquiring patient data. The MEDHOST application is designed for handling the perioperative three stages of surgery including patient tracking, and patient conditions. It can be hosted and managed remotely. About 1,000 healthcare facilities use the company's various technology products. The flaw meant attackers could key in the details and access patient data o...