CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:N/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.4%
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Vendor | Product | Version | CPE |
---|---|---|---|
bd | database_manager | 3.0.1.0 | cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:* |
bd | performa | * | cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:* |
bd | reada | * | cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:* |
bd | inoqula\+ | - | cpe:2.3:h:bd:inoqula\+:-:*:*:*:*:*:*:* |
bd | kiestra_tla | - | cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:* |
bd | kiestra_wca | - | cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:* |
[
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
]
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:N/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.4%