CVE-2018-10595
4.9 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| bd:database_manager | bd database manager | eq | 3.0.1.0 |
| bd:performa | bd performa | le | 3.0.0.0 |
| bd:reada | bd reada | le | 1.1.0.2 |
CNA Affected
[
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
]Related
4.9 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%