Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-30277

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

Published

2022-06-02T14:15:51.850

Last Modified

2024-11-21T07:02:29.147

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-613
Type: Primary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bd	synapsys	4.20	Yes
Application	bd	synapsys	4.20	Yes
Application	bd	synapsys	4.30	Yes

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration Vendor Advisory ([email protected])
https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)