CVE-2021-35193 Information

Description

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers’ installations (that have the same software version). This provides remote access to SQL database credentials. (In normal use of the product, retrieving those credentials occurs only after a username/password authentication step; however, this authentication step is enforced on the client side, and an attacker can develop their own client that skips this step.)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://patterson.eaglesoft.net/Home/Contact-Us
https://github.com/jshafer817/Eaglesoft
https://justinshafer.blogspot.com/2021/07/eaglesoft-18-through-21-vulnerability.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
