CVE-2022-30277
MEDIUMBD Synapsys 4.20, 4.20 SR1, 4.30 - Insufficient Session Expiration
Title source: llmDescription
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration
Scores
CVSS v3
5.7
EPSS
0.0022
EPSS Percentile
12.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-613
Status
published
Products (2)
bd/synapsys
4.20 (2 CPE variants)
bd/synapsys
4.30
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026