Insufficient Session Expiration Vulnerability in BD Synapsys™: Risk of Unauthorized Access and Data Manipulation

CVE-2022-30277 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

Learn more about our Web Application Penetration Testing UK.