Search criteria
9 vulnerabilities found for performa by bd
VAR-201706-0455
Vulnerability from variot - Updated: 2025-04-20 23:22A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. The former is a set of applications for system monitoring; the latter is a set of applications for incremental backups. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. The following products are affected: PerformA 2.0.14.0 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0455",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kla journal service",
"scope": "eq",
"trust": 1.5,
"vendor": "bd",
"version": "1.0.51"
},
{
"model": "performa",
"scope": "eq",
"trust": 1.5,
"vendor": "bd",
"version": "2.0.14.0"
},
{
"model": "kla journal service",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.0.51"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "2.0.14.0"
},
{
"model": "kla journal service",
"scope": "lte",
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": "1.0.51"
},
{
"model": "performa",
"scope": "lte",
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": "2.0.14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "kla journal service",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:bd:kla_journal_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bd:performa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97057"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10824",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6022",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6022",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6022",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-10824",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. The former is a set of applications for system monitoring; the latter is a set of applications for incremental backups. \nAn attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. \nThe following products are affected:\nPerformA 2.0.14.0 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6022",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-17-082-01",
"trust": 2.7
},
{
"db": "BID",
"id": "97057",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-10824",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166",
"trust": 0.8
},
{
"db": "IVD",
"id": "A64ABC7A-BF26-449E-88CF-FDB20ADC7272",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"id": "VAR-201706-0455",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
}
],
"trust": 1.39375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
}
]
},
"last_update_date": "2025-04-20T23:22:21.198000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bd.com/"
},
{
"title": "Patch for BD PerformA and KLA Journal Service Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/96347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
},
{
"problemtype": "CWE-259",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-082-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/97057"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6022"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6022"
},
{
"trust": 0.3,
"url": "http://www.bd.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-23T00:00:00",
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"date": "2017-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"date": "2017-03-24T00:00:00",
"db": "BID",
"id": "97057"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"date": "2017-06-30T03:29:00.297000",
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"date": "2017-03-29T01:01:00",
"db": "BID",
"id": "97057"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-590"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BD PerformA and KLA Journal Service Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
],
"trust": 0.6
}
}
VAR-201805-0252
Vulnerability from variot - Updated: 2024-11-23 22:17A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database manager",
"scope": "eq",
"trust": 1.6,
"vendor": "bd",
"version": "3.0.1.0"
},
{
"model": "reada",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": "database manager",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "performa",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "db manager",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=3.0.0.0"
},
{
"model": "reada",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "database manager",
"version": "3.0.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:bd:database_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bd:performa",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bd:reada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
]
},
"cve": "CVE-2018-10593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"id": "CVE-2018-10593",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-10584",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.4,
"id": "CVE-2018-10593",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10593",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-10593",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-10584",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-819",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10593",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-142-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-10584",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F0BF0F-39AB-11E9-89CB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"id": "VAR-201805-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
}
],
"trust": 1.513541675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
}
]
},
"last_update_date": "2024-11-23T22:17:30.901000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulA",
"trust": 0.8,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
},
{
"problemtype": "CWE-356",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-142-01"
},
{
"trust": 1.6,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10593"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"date": "2018-05-24T16:29:00.223000",
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-819"
},
{
"date": "2024-11-21T03:41:37.477000",
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DB Manager and PerformA In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
],
"trust": 0.8
}
}
VAR-201805-0253
Vulnerability from variot - Updated: 2024-11-23 22:17A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database manager",
"scope": "eq",
"trust": 1.6,
"vendor": "bd",
"version": "3.0.1.0"
},
{
"model": "reada",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": "database manager",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "performa",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=1.1.0.2"
},
{
"model": "reada",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "database manager",
"version": "3.0.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:bd:database_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bd:performa",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bd:reada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
]
},
"cve": "CVE-2018-10595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2018-10595",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-10583",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"id": "CVE-2018-10595",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10595",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-10595",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-10583",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-818",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10595",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-142-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-10583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F070F1-39AB-11E9-A5A2-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"id": "VAR-201805-0253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
}
],
"trust": 1.4180555666666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
}
]
},
"last_update_date": "2024-11-23T22:17:30.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulA",
"trust": 0.8,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
},
{
"problemtype": "CWE-356",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-142-01"
},
{
"trust": 1.6,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10595"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10595"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"date": "2018-05-24T16:29:00.270000",
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-818"
},
{
"date": "2024-11-21T03:41:37.727000",
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ReadA In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
],
"trust": 0.8
}
}
CVE-2018-10595 (GCVE-0-2018-10595)
Vulnerability from nvd – Published: 2018-05-24 16:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10595",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T03:37:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10593 (GCVE-0-2018-10593)
Vulnerability from nvd – Published: 2018-05-24 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10593",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:54:34.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6022 (GCVE-0-2017-6022)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI?
Summary
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BD Kiestra PerformA and KLA Journal Service |
Affected:
BD Kiestra PerformA and KLA Journal Service
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BD Kiestra PerformA and KLA Journal Service",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
],
"datePublic": "2017-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Kiestra PerformA and KLA Journal Service",
"version": {
"version_data": [
{
"version_value": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6022",
"datePublished": "2017-06-30T02:35:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10593 (GCVE-0-2018-10593)
Vulnerability from cvelistv5 – Published: 2018-05-24 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10593",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:54:34.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10595 (GCVE-0-2018-10595)
Vulnerability from cvelistv5 – Published: 2018-05-24 16:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10595",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T03:37:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6022 (GCVE-0-2017-6022)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI?
Summary
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BD Kiestra PerformA and KLA Journal Service |
Affected:
BD Kiestra PerformA and KLA Journal Service
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BD Kiestra PerformA and KLA Journal Service",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
],
"datePublic": "2017-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Kiestra PerformA and KLA Journal Service",
"version": {
"version_data": [
{
"version_value": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6022",
"datePublished": "2017-06-30T02:35:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}