| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-07-13 | CVE-2023-30563 | Cross-site Scripting vulnerability in BD Alaris Systems Manager 12.3/4.33 | A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. | network, low complexity, bd CWE-79, 8.2 |
| 2023-06-13 | CVE-2022-47376 | Insufficiently Protected Credentials vulnerability in BD Alaris Infusion Central 1.1/1.3.2 | The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. | local, low complexity, bd CWE-522, 7.3 |
| 2022-11-04 | CVE-2022-40263 | Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware 1.70 | BD Totalys MultiProcessor, versions 1.70 and earlier, contains hardcoded credentials. | local, low complexity, bd CWE-798, 7.8 |
| 2022-06-02 | CVE-2022-22767 | Insufficiently Protected Credentials vulnerability in BD products | Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. | low complexity, bd CWE-522, 8.8 |
| 2022-02-12 | CVE-2022-22765 | Use of Hard-coded Credentials vulnerability in BD Viper LT System Firmware 2.0/4.0 | BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. | local, low complexity, bd CWE-798, 7.8 |
| 2020-11-13 | CVE-2020-25165 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware and Alaris Systems Manager | BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier, and BD Alaris Systems Manager, Versions 4.33 and earlier: the affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. | network, low complexity, bd CWE-287, 7.5 |
| 2019-09-06 | CVE-2019-13517 | Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES | In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on Active Directory user account changes when the device is joined to an AD domain. | network, low complexity, bd CWE-384, 8.8 |