Vulnerabilities > BD > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-30563 Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
network
low complexity
bd CWE-79
8.2
2023-06-13 CVE-2022-47376 Insufficiently Protected Credentials vulnerability in BD Alaris Infusion Central
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation.
local
low complexity
bd CWE-522
7.3
2022-11-04 CVE-2022-40263 Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware
BD Totalys MultiProcessor, versions 1.70 and earlier, contains hardcoded credentials.
local
low complexity
bd CWE-798
7.8
2022-06-02 CVE-2022-22767 Insufficiently Protected Credentials vulnerability in BD products
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials.
low complexity
bd CWE-522
8.3
2019-06-13 CVE-2019-10959 Unrestricted Upload of File with Dangerous Type vulnerability in BD products
Affected: BD Alaris Gateway Workstation versions 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14 and 1.3.1 Build 13 (the latest firmware versions, 1.3.2 and 1.6.1, are not impacted). Additionally affected are the following products using software version 2.3.6 and below: Alaris GS, Alaris GH, Alaris CC and Alaris TIVA. The application does not restrict the upload of malicious files during a firmware update.
network
low complexity
bd CWE-434
7.5
2017-06-30 CVE-2017-6022 Use of Hard-coded Credentials vulnerability in BD KLA Journal Service and Performa
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions.
network
low complexity
bd CWE-798
7.5