PatchSiren cyber security CVE debrief
CVE-2017-5598 Eclinicalworks CVE debrief
CVE-2017-5598 describes an unauthenticated blind SQL injection in eClinicalWorks healow@work 8.0 build 8. The issue is exposed through the EmployeePortalServlet and can be triggered via HTTP POST requests against the employer parameter. NVD rates the flaw as network exploitable with no privileges or user interaction required and high confidentiality impact, making it a serious database exposure risk for affected deployments.
- Vendor
- Eclinicalworks
- Product
- CVE-2017-5598
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-27
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-27
- Advisory updated
- 2026-05-13
Who should care
Security teams, application owners, and database administrators responsible for eClinicalWorks healow@work / Patient Portal deployments. Web application defenders should also care because the flaw is reachable over the network and does not require authentication.
Technical summary
The supplied corpus identifies the weakness as CWE-89 SQL injection. The vulnerability is blind and unauthenticated, appears in EmployeePortalServlet, and can be abused through the employer parameter. NVD's CVSS v3 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates remote exploitation with high confidentiality impact. The corpus also notes an out-of-band data-dumping technique in the description, but the debrief does not rely on exploit details.
Defensive priority
High. This is a remotely reachable, unauthenticated SQL injection with high data exposure potential, so exposed systems should be prioritized for inventory, validation, and remediation.
Recommended defensive actions
- Identify all eClinicalWorks healow@work / Patient Portal instances and confirm whether the affected 8.0 build is deployed.
- Apply vendor-supported remediation or upgrade guidance if available, and verify the fix in a nonproduction environment first.
- Restrict access to the EmployeePortalServlet and related administrative endpoints where operationally possible.
- Review web server and application logs for unusual POST activity targeting the employer parameter.
- Audit database privileges for the application account and reduce access to the minimum necessary for runtime operation.
- Add layered detections such as WAF rules or request validation focused on the affected servlet and parameter.
- Validate exposure using the official CVE/NVD records and internal configuration evidence rather than exploit reproduction.
Evidence notes
The debrief is based on the supplied CVE record and NVD metadata. The description states an unauthenticated blind SQL injection in EmployeePortalServlet affecting the employer parameter. NVD provides the CWE-89 classification and CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, which supports the high-priority defensive assessment. The corpus also includes a SecurityFocus BID reference and a third-party advisory/exploit reference, but those are not needed to establish the core vulnerability facts.
Official resources
-
CVE-2017-5598 CVE record
CVE.org
-
CVE-2017-5598 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
Publicly disclosed on 2017-01-27, with the supplied source record last modified on 2026-05-13. No KEV entry is present in the supplied timeline.