CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30564 – Stored Cross-Site Scripting on Device Import Functionality
https://notcve.org/view.php?id=CVE-2023-30564
13 Jul 2023 — Alaris Systems Manager does not perform input validation during the Device Import Function. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30563 – Stored Cross-Site Scripting on User Import Functionality
https://notcve.org/view.php?id=CVE-2023-30563
13 Jul 2023 — A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25165
https://notcve.org/view.php?id=CVE-2020-25165
13 Nov 2020 — BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead... • https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01 • CWE-287: Improper Authentication •