NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMirion Biodose\/nmis
APPMirion< 23.0
Related vulnerabilities
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the datab...
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used ...
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissi...
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded pass...
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPa...