Insufficient Session Expiration in BD Synapsys - CVE-2022-30277

 

Insufficient Session Expiration in BD Synapsys - CVE-2022-30277

Published: June 1, 2022


Vulnerability identifier: #VU63902
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-30277
CWE-ID: CWE-613
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Becton, Dickinson and Company (BD)
Affected software:
BD Synapsys

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue. An authenticated attacker with physical access can gain access to sensitive information and modificate ePHI, PHI, or PII.


How to mitigate CVE-2022-30277

Install updates from vendor's website.

Sources