CVE-2022-30277

medium

Description

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration

Details

Source: Mitre, NVD

Published: 2022-06-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.7

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00057