Hasomed Elefant
By the Year
In 2026 there have been 0 vulnerabilities in Hasomed Elefant. Elefant did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 8.23 |
It may take a day or so for new Elefant vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Hasomed Elefant Security Vulnerabilities
FHIR API EHR Exposure via Local Network
CVE-2024-50589
7.5 - High
- November 08, 2024
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).
Missing Authentication for Critical Function
Elefant Privilege Escalation via Service Binary
CVE-2024-50590
7.8 - High
- November 08, 2024
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as NT AUTHORITY\SYSTEM.
Path: C:\Elefant1\Firebird_2\bin\fbserver.exe
Path: C:\Elefant1\Firebird_2\bin\fbguard.exe
Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".
Incorrect Default Permissions
Elefant Service v1.0 Hard-Coded Password Bypass
CVE-2024-50593
7.8 - High
- November 08, 2024
An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software.
Use of Hard-coded Credentials
Elefant Firebird Default Credential RCE
CVE-2024-50588
9.8 - Critical
- November 08, 2024
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").