CRITICAL🇬🇧 English

CVE-2017-6022

CVSS 9.8v3.0pub. 2017-06-30upd. 2026-05-13

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bd Kla Journal Service

    APP
    Bd
    ≤ 1.0.51
  • Bd Performa

    APP
    Bd
    ≤ 2.0.14.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-10593MEDIUM5.6ten sam produkt

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an...

CVE-2018-10595MEDIUM6.3ten sam produkt

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged ac...

CVE-2019-10959CRITICAL10.0ten sam vendor

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1...

CVE-2018-14786CRITICAL9.4ten sam vendor

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, ...

CVE-2023-30563HIGH8.2ten sam vendor

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.