Vulnerabilities > BD > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-13 | CVE-2023-30563 | Cross-site Scripting vulnerability in BD Alaris Systems Manager 12.3/4.33. A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. | 8.2 |
2023-06-13 | CVE-2022-47376 | Insufficiently Protected Credentials vulnerability in BD Alaris Infusion Central 1.1/1.3.2. The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. | 7.3 |
2022-11-04 | CVE-2022-40263 | Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware 1.70. BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. | 7.8 |
2022-06-02 | CVE-2022-22767 | Insufficiently Protected Credentials vulnerability in BD products. Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. | 8.8 |
2022-02-12 | CVE-2022-22765 | Use of Hard-coded Credentials vulnerability in BD Viper LT System Firmware 2.0/4.0. BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. | 7.8 |
2020-11-13 | CVE-2020-25165 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware and Alaris Systems Manager. Affected: BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier. The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. | 7.5 |
2019-09-06 | CVE-2019-13517 | Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES. In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. | 8.8 |