CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30564 – Stored Cross-Site Scripting on Device Import Functionality
https://notcve.org/view.php?id=CVE-2023-30564
Alaris Systems Manager does not perform input validation during the Device Import Function. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30563 – Stored Cross-Site Scripting on User Import Functionality
https://notcve.org/view.php?id=CVE-2023-30563
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25165
https://notcve.org/view.php?id=CVE-2020-25165
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit. BD Alaris PC Unit, Model 8015, versiones 9.33.1 y anteriores y BD Alaris Systems Manager, versiones 4.33 y anteriores Los productos afectados son susceptibles a una vulnerabilidad de autenticación de sesión de red dentro del proceso de autenticación entre versiones especificadas del BD Alaris PC Unit y del BD Alaris Systems Manager. Si es explotado, un atacante podría llevar a cabo un ataque de denegación de servicio en el BD Alaris PC Unit para modificar unos encabezados de configuración de los datos en tránsito. • https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01 • CWE-287: Improper Authentication •