A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NBd Alaris Systems Manager
APPBd≤ 12.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
Powiązane podatności
CVE-2020-25165HIGH7.5ten sam produkt
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and ea...
CVE-2023-30564MEDIUM6.9ten sam produkt
Alaris Systems Manager does not perform input validation during the Device Import Function.
CVE-2019-10959CRITICAL10.0ten sam vendor
BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1...
CVE-2018-14786CRITICAL9.4ten sam vendor
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, ...
CVE-2017-6022CRITICAL9.8ten sam vendor
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 an...