The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
CVSS Vector
AV:L/AC:L/Au:S/C:C/I:C/A:CHospira Mednet
APPHospira≤ 5.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2014-5401CRITICAL9.8ten sam produkt
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Pla...
CVE-2014-5405HIGH9.0ten sam produkt
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which all...
CVE-2014-5403MEDIUM6.8ten sam produkt
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion ...
CVE-2015-7909HIGH7.3ten sam vendor
Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5....
CVE-2014-5406HIGH7.6ten sam vendor
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending ...