Vulnerabilities > BD > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-12 CVE-2022-22765 Use of Hard-coded Credentials vulnerability in BD Viper LT System Firmware
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials.
local
low complexity
bd CWE-798
4.6
2020-11-13 CVE-2020-25165 Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware and Alaris Systems Manager
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager.
network
low complexity
bd CWE-287
5.0
2019-09-06 CVE-2019-13517 Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES
In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.
network
low complexity
bd CWE-384
6.5
2019-06-13 CVE-2019-10962 Improper Access Control vulnerability in BD Alaris Gateway Workstation Firmware
BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.
network
low complexity
bd CWE-284
5.0
2019-02-06 CVE-2019-6517 Unspecified vulnerability in BD Facslyric and Facslyric IVD
BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S.
local
low complexity
bd
4.6
2018-05-24 CVE-2018-10595 SQL Injection vulnerability in BD Database Manager, Performa and Reada
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
4.9