CVE-2022-30277

BD Synapsys, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
BDCNA
5.7 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
bdsynapsys
4.20
bdsynapsys
4.20:sr1
bdsynapsys
4.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration
https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration