Vulnerabilities > BD > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-12 | CVE-2022-22765 | Use of Hard-coded Credentials vulnerability in BD Viper LT System Firmware BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. | 4.6 |
| 2020-11-13 | CVE-2020-25165 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware and Alaris Systems Manager BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. | 5.0 |
| 2019-09-06 | CVE-2019-13517 | Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. | 6.5 |
| 2019-06-13 | CVE-2019-10962 | Improper Access Control vulnerability in BD Alaris Gateway Workstation Firmware BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. | 5.0 |
| 2019-02-06 | CVE-2019-6517 | Unspecified vulnerability in BD Facslyric and Facslyric IVD BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. | 4.6 |
| 2018-05-24 | CVE-2018-10595 | SQL Injection vulnerability in BD Database Manager, Performa and Reada A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. | 4.9 |