CVE-2022-30277
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Summary
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Becton Dickinson (BD) | BD Synapsys™ | 4.20 <= 4.30 | affected |
Weaknesses
- CWE-613: CWE-613 Insufficient Session Expiration
Workarounds
Configure the inactivity session timeout in the operating system to match the session expiration timeout in BD Synapsys™.
Ensure physical access controls are in place and only authorized end-users have access to BD Synapsys™ workstations.
Place a reminder at each computer for users to logout when leaving the BD Synapsys™ workstation.
Ensure industry standard network security policies and procedures are followed.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.