Home
HIGH: 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NDefault status
unaffected
Any version
affected
Description
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
Any version
References
www.bd.com/...etin/bd-alaris-system-with-guardrails-suite-mx
www.bd.com/...etin/bd-alaris-system-with-guardrails-suite-mx