PT-2017-16838 · Becton · Kla Journal Service+2

Published: 2017-06-30 · Updated: 2019-10-09

CVE-2017-6022

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Becton, Dickinson and Company (BD) PerformA versions 2.0.14.0 and prior
Becton, Dickinson and Company (BD) KLA Journal Service versions 1.0.51 and prior

Description

A hard-coded password issue was discovered, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. The issue arises because the software uses hard-coded passwords to access the database.

Recommendations

For Becton, Dickinson and Company (BD) PerformA versions 2.0.14.0 and prior, consider changing the hard-coded password to a secure, user-defined password to prevent unauthorized access.

For Becton, Dickinson and Company (BD) KLA Journal Service versions 1.0.51 and prior, consider changing the hard-coded password to a secure, user-defined password to prevent unauthorized access.

As a temporary workaround, consider restricting access to the BD Kiestra Database until a secure password can be implemented.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2017-6022

Affected Products

BD Kiestra Database
KLA Journal Service
PerformA