CVE-2022-30277

Summary

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

Affected Software

VendorProductVersion RangeStatus
Becton Dickinson (BD)BD Synapsys™4.20 <= 4.30affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

Workarounds

Configure the inactivity session timeout in the operating system to match the session expiration timeout in BD Synapsys™.

Ensure physical access controls are in place and only authorized end-users have access to BD Synapsys™ workstations.

Place a reminder at each computer for users to logout when leaving the BD Synapsys™ workstation.

Ensure industry standard network security policies and procedures are followed.

ADP Enrichment

CVE Program Container

Additional References

References