Vulnerabilities > BD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-29061 | Missing Authentication for Critical Function vulnerability in BD Facschorus There is no BIOS password on the FACSChorus workstation. | 5.2 |
| 2023-11-28 | CVE-2023-29062 | Improper Authentication vulnerability in BD Facschorus The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. | 3.8 |
| 2023-11-28 | CVE-2023-29063 | Missing Authentication for Critical Function vulnerability in BD Facschorus The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. | 2.4 |
| 2023-11-28 | CVE-2023-29064 | Use of Hard-coded Credentials vulnerability in BD Facschorus The FACSChorus software contains sensitive information stored in plaintext. | 4.3 |
| 2023-11-28 | CVE-2023-29065 | Incorrect Permission Assignment for Critical Resource vulnerability in BD Facschorus The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. | 4.3 |
| 2023-11-28 | CVE-2023-29066 | Improper Privilege Management vulnerability in BD Facschorus The FACSChorus software does not properly assign data access privileges for operating system user accounts. | 3.5 |
| 2023-11-28 | CVE-2023-29060 | Missing Authentication for Critical Function vulnerability in BD Facschorus The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. | 5.7 |
| 2023-07-13 | CVE-2023-30561 | Missing Encryption of Sensitive Data vulnerability in BD Alaris 8015 PCU Firmware 9.33.1 The data flowing between the PCU and its modules is insecure. | 6.1 |
| 2023-07-13 | CVE-2023-30562 | Insufficient Verification of Data Authenticity vulnerability in BD Alaris Guardrails Editor 12.1.2 A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. | 6.7 |
| 2023-07-13 | CVE-2023-30563 | Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33 A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. | 8.2 |