References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

The PDBM application relies on a static, hard‑coded secret embedded 
in the PDBM.exe executable. This secret is used by the application’s 
encryption routines, including the function responsible for decrypting 
credentials stored in the product’s configuration file. Because the 
secret is constant across installations, any attacker with sufficient 
local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored 
password and authenticate as the user defined in the configuration file.
 In the affected version, this user account is configured with 
administrative privileges, granting full access to PDBM’s management 
interface and its underlying operational functions.

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-798

https://www.cert.si/en/cve-2026-25600/