HIGH🇬🇧 English

CVE-2014-5405

CVSS 9.0v2.0pub. 2015-04-03upd. 2026-05-06

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Hospira Mednet

    APP
    Hospira
    ≤ 5.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2014-5401CRITICAL9.8ten sam produkt

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Pla...

CVE-2014-5400MEDIUM6.8ten sam produkt

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, w...

CVE-2014-5403MEDIUM6.8ten sam produkt

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion ...

CVE-2015-7909HIGH7.3ten sam vendor

Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5....

CVE-2014-5406HIGH7.6ten sam vendor

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending ...

CVE-2014-5405 — HIGH 9.0 | CVEbaza.pl