MEDIUM🇵🇱 Wersja polska

CVE-2018-10595

CVSS 6.3v3.0pub. 2018-05-24upd. 2024-11-21

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.

CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
  • Bd Database Manager

    APP
    Bd
    3.0.1.0
  • Bd Inoqula\+

    HW
    Bd
    wszystkie wersje
  • Bd Kiestra Tla

    HW
    Bd
    wszystkie wersje
  • Bd Kiestra Wca

    HW
    Bd
    wszystkie wersje
  • Bd Performa

    APP
    Bd
    ≤ 3.0.0.0
  • Bd Reada

    APP
    Bd
    ≤ 1.1.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2017-6022CRITICAL9.8ten sam produkt

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 an...

CVE-2018-10593MEDIUM5.6ten sam produkt

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an...

CVE-2019-10959CRITICAL10.0ten sam vendor

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1...

CVE-2018-14786CRITICAL9.4ten sam vendor

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, ...

CVE-2023-30563HIGH8.2ten sam vendor

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.