{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30563", "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18", "state": "PUBLISHED", "assignerShortName": "BD", "dateReserved": "2023-04-12T16:30:07.537Z", "datePublished": "2023-07-13T19:04:43.518Z", "dateUpdated": "2024-10-22T15:48:57.063Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BD Alaris\u00e2\u201e\u00a2 Systems Manager", "vendor": "Becton Dickinson & Co", "versions": [{"lessThanOrEqual": "12.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-07-13T15:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session."}], "value": "A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session."}], "impacts": [{"capecId": "CAPEC-76", "descriptions": [{"lang": "en", "value": "CAPEC-76 Manipulating Web Input to File System Calls"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18", "shortName": "BD", "dateUpdated": "2023-10-26T15:50:45.759Z"}, "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "BD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.<br>"}], "value": "BD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n"}], "source": {"discovery": "INTERNAL"}, "title": "Stored Cross-Site Scripting on User Import Functionality ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:51.805Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T15:29:53.107117Z", "id": "CVE-2023-30563", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T15:48:57.063Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:51.805Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-30563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T15:29:53.107117Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T15:48:53.436Z"}}], "cna": {"title": "Stored Cross-Site Scripting on User Import Functionality ", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-76", "descriptions": [{"lang": "en", "value": "CAPEC-76 Manipulating Web Input to File System Calls"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Becton Dickinson & Co", "product": "BD Alaris\u00e2\u201e\u00a2 Systems Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "BD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n", "supportingMedia": [{"type": "text/html", "value": "BD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.<br>", "base64": false}]}], "datePublic": "2023-07-13T15:33:00.000Z", "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.", "supportingMedia": [{"type": "text/html", "value": "A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18", "shortName": "BD", "dateUpdated": "2023-10-26T15:50:45.759Z"}}}, "cveMetadata": {"cveId": "CVE-2023-30563", "state": "PUBLISHED", "dateUpdated": "2024-10-22T15:48:57.063Z", "dateReserved": "2023-04-12T16:30:07.537Z", "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18", "datePublished": "2023-07-13T19:04:43.518Z", "assignerShortName": "BD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bd:alaris_systems_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "87213183-05A4-4B91-B127-20E861A4482B", "versionEndIncluding": "12.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session."}], "id": "CVE-2023-30563", "lastModified": "2024-11-21T08:00:26.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "cybersecurity@bd.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-13T20:15:09.143", "references": [{"source": "cybersecurity@bd.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"}], "sourceIdentifier": "cybersecurity@bd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cybersecurity@bd.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}