Search criteria
8 vulnerabilities found for reada by bd
VAR-201805-0252
Vulnerability from variot - Updated: 2023-12-18 13:13A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database manager",
"scope": "eq",
"trust": 1.6,
"vendor": "bd",
"version": "3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": "reada",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "database manager",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "performa",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "db manager",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=3.0.0.0"
},
{
"model": "reada",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "database manager",
"version": "3.0.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"cve": "CVE-2018-10593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-10584",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.4,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.6,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10593",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10593",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-10584",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-819",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10593",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-142-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-10584",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F0BF0F-39AB-11E9-89CB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"id": "VAR-201805-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
}
],
"trust": 1.513541675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
}
]
},
"last_update_date": "2023-12-18T13:13:54.048000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulA",
"trust": 0.8,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-142-01"
},
{
"trust": 1.6,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10593"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"date": "2018-05-24T16:29:00.223000",
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"date": "2019-10-09T23:32:51.930000",
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DB Manager and PerformA In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
],
"trust": 0.8
}
}
VAR-201805-0253
Vulnerability from variot - Updated: 2023-12-18 13:13A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database manager",
"scope": "eq",
"trust": 1.6,
"vendor": "bd",
"version": "3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": "reada",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "database manager",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "performa",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=1.1.0.2"
},
{
"model": "reada",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "database manager",
"version": "3.0.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"cve": "CVE-2018-10595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10595",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-10583",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10595",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10595",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-10583",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-818",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10595",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-142-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-10583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F070F1-39AB-11E9-A5A2-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"id": "VAR-201805-0253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
}
],
"trust": 1.4180555666666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
}
]
},
"last_update_date": "2023-12-18T13:13:54.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulA",
"trust": 0.8,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-142-01"
},
{
"trust": 1.6,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10595"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10595"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"date": "2018-05-24T16:29:00.270000",
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"date": "2019-10-09T23:32:52.257000",
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ReadA In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
],
"trust": 0.8
}
}
FKIE_CVE-2018-10593
Vulnerability from fkie_nvd - Published: 2018-05-24 16:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | database_manager | 3.0.1.0 | |
| bd | performa | * | |
| bd | reada | * | |
| bd | inoqula\+ | - | |
| bd | kiestra_tla | - | |
| bd | kiestra_wca | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26F5FF20-158E-4845-B552-8E23C0E4AA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D594E-9D02-4669-8F34-5CE1973F5C6F",
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A552AC5-880A-4EFE-875A-60E1F37DD127",
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "520604A4-38DE-4725-AD9D-1E6929E3619B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80A40D4D-4BB9-45B1-BB10-C6ADCE2CFD56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B172535-3DD4-46D6-9AF6-F8F795EC3747",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
},
{
"lang": "es",
"value": "Una vulnerabilidad en DB Manager en versiones 3.0.1.0 y anteriores y PerformA en versiones 3.0.0.0 y anteriores permite que un usuario autorizado con acceso a una cuenta privilegiada en un sistema BD Kiestra (Kiestra TLA, Kiestra WCA y InoqulA+ specimen processor) env\u00ede comandos SQL, lo que podr\u00eda resultar en una corrupci\u00f3n de datos."
}
],
"id": "CVE-2018-10593",
"lastModified": "2024-11-21T03:41:37.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T16:29:00.223",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-356"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-10595
Vulnerability from fkie_nvd - Published: 2018-05-24 16:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | database_manager | 3.0.1.0 | |
| bd | performa | * | |
| bd | reada | * | |
| bd | inoqula\+ | - | |
| bd | kiestra_tla | - | |
| bd | kiestra_wca | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26F5FF20-158E-4845-B552-8E23C0E4AA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D594E-9D02-4669-8F34-5CE1973F5C6F",
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A552AC5-880A-4EFE-875A-60E1F37DD127",
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "520604A4-38DE-4725-AD9D-1E6929E3619B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80A40D4D-4BB9-45B1-BB10-C6ADCE2CFD56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B172535-3DD4-46D6-9AF6-F8F795EC3747",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
},
{
"lang": "es",
"value": "Una vulnerabilidad en ReadA en versiones 1.1.0.2 y anteriores permite que un usuario autorizado con acceso a una cuenta privilegiada en un sistema BD Kiestra (Kiestra TLA, Kiestra WCA y InoqulA+ specimen processor) env\u00ede comandos SQL, lo que podr\u00eda resultar en una p\u00e9rdida o corrupci\u00f3n de datos."
}
],
"id": "CVE-2018-10595",
"lastModified": "2024-11-21T03:41:37.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T16:29:00.270",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-356"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-10595 (GCVE-0-2018-10595)
Vulnerability from cvelistv5 – Published: 2018-05-24 16:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10595",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T03:37:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10593 (GCVE-0-2018-10593)
Vulnerability from cvelistv5 – Published: 2018-05-24 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10593",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:54:34.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10595 (GCVE-0-2018-10595)
Vulnerability from nvd – Published: 2018-05-24 16:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10595",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T03:37:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10593 (GCVE-0-2018-10593)
Vulnerability from nvd – Published: 2018-05-24 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10593",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:54:34.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}