CVE-2021-35193

Name: CVE-2021-35193
Creator: NVD / NIST
Published: 2021-07-30T19:15:09.37+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.17%

Last modified Jun 17, 2026

CVE-2021-35193 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. EPSS estimates a 1.17% chance of exploitation in the next 30 days.

Description

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. (In the normal use of the product, retrieving those credentials only occurs after a username/password authentication step; however, this authentication step is on the client side, and an attacker can develop their own client that skips this step.)

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

1.17%

63.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-295

Affected Software

Vendor	Product	Versions
Pattersondental	Eaglesoft	>= 18.0, <= 21.0

References

http://patterson.eaglesoft.net/Home/Contact-UsVendor Advisory
https://github.com/jshafer817/EaglesoftExploit, Third Party Advisory
https://justinshafer.blogspot.com/2021/07/eaglesoft-18-through-21-vulnerability.htmlExploit, Third Party Advisory
http://patterson.eaglesoft.net/Home/Contact-UsVendor Advisory
https://github.com/jshafer817/EaglesoftExploit, Third Party Advisory
https://justinshafer.blogspot.com/2021/07/eaglesoft-18-through-21-vulnerability.htmlExploit, Third Party Advisory

Timeline

Published: Jul 30, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-35193?

How severe is CVE-2021-35193?

CVE-2021-35193 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.17% probability of exploitation in the next 30 days.

How do I fix CVE-2021-35193?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-35193?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST