Vulnerabilities > BD > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-30563 | Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33 A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. | 8.2 |
| 2023-06-13 | CVE-2022-47376 | Insufficiently Protected Credentials vulnerability in BD Alaris Infusion Central The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. | 7.3 |
| 2022-11-04 | CVE-2022-40263 | Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. | 7.8 |
| 2022-06-02 | CVE-2022-22767 | Insufficiently Protected Credentials vulnerability in BD products Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. | 8.3 |
| 2019-06-13 | CVE-2019-10959 | Unrestricted Upload of File with Dangerous Type vulnerability in BD products BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update. | 7.5 |
| 2017-06-30 | CVE-2017-6022 | Use of Hard-coded Credentials vulnerability in BD KLA Journal Service and Performa A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. | 7.5 |