Insufficient Session Expiration in BD Synapsys - CVE-2022-30277
Published: June 1, 2022
Vulnerability identifier: #VU63902
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-30277
CWE-ID: CWE-613
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Becton, Dickinson and Company (BD)
Affected software:
BD Synapsys
BD Synapsys
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. An authenticated attacker with physical access can gain access to sensitive information and modificate ePHI, PHI, or PII.
How to mitigate CVE-2022-30277
Install updates from vendor's website.