MEDIUM🇵🇱 Wersja polska

CVE-2014-5400

CVSS 6.8v2.0pub. 2015-04-03upd. 2026-05-06

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.

CVSS Vector
AV:L/AC:L/Au:S/C:C/I:C/A:C
  • Hospira Mednet

    APP
    Hospira
    ≤ 5.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2014-5401CRITICAL9.8ten sam produkt

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Pla...

CVE-2014-5405HIGH9.0ten sam produkt

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which all...

CVE-2014-5403MEDIUM6.8ten sam produkt

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion ...

CVE-2015-7909HIGH7.3ten sam vendor

Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5....

CVE-2014-5406HIGH7.6ten sam vendor

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending ...