CVE-2022-30277 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-30277

CWE

https://cwe.mitre.org/data/definitions/613.html

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Synapsys	Bd	4.20 (including)	4.20 (including)
Synapsys	Bd	4.20-sr1 (including)	4.20-sr1 (including)
Synapsys	Bd	4.30 (including)	4.30 (including)

Potential Mitigations

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration
https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration