cvelist/2023/30xxx/CVE-2023-30564.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-30564",
        "ASSIGNER": "cybersecurity@bd.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Alaris Systems Manager does not perform input validation during the Device Import Function."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        "cweId": "CWE-79"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Becton Dickinson & Co",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "BD Alaris\u00e2\u201e\u00a2 Systems Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "0",
                                            "version_value": "12.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx",
                "refsource": "MISC",
                "name": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "INTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "\n\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n<br>"
                }
            ],
            "value": "\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\n"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-04-12 17:00:34 +00:00			`{`
"-Synchronized-Data." 2023-07-13 20:00:38 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-04-12 17:00:34 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-30564",`
"-Synchronized-Data." 2023-07-13 20:00:38 +00:00			`"ASSIGNER": "cybersecurity@bd.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-04-12 17:00:34 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-07-13 20:00:38 +00:00			`"value": "Alaris Systems Manager does not perform input validation during the Device Import Function."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",`
			`"cweId": "CWE-79"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Becton Dickinson & Co",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "BD Alaris\u00e2\u201e\u00a2 Systems Manager",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "0",`
			`"version_value": "12.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx",`
			`"refsource": "MISC",`
			`"name": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "INTERNAL"`
			`},`
"-Synchronized-Data." 2023-10-26 16:00:33 +00:00			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "\n\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n<br>"`
			`}`
			`],`
			`"value": "\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\n"`
			`}`
			`],`
"-Synchronized-Data." 2023-07-13 20:00:38 +00:00			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.9,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",`
			`"version": "3.1"`
"-Synchronized-Data." 2023-04-12 17:00:34 +00:00			`}`
			`]`
			`}`
			`}`