CVE-2017-6022
Last modified
CVE-2017-6022 is a vulnerability of currently unknown severity. A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.. EPSS estimates a 1.75% chance of exploitation in the next 30 days.
Description
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bd | Performa | <= 2.0.14.0 |
| Bd | Kla Journal Service | <= 1.0.51 |
References
- http://www.securityfocus.com/bid/97057Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01Mitigation, Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/97057Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-6022?
How severe is CVE-2017-6022?
How do I fix CVE-2017-6022?
Are you affected by CVE-2017-6022?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST