First published: Tue Nov 28 2023(Updated: )
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
Credit: cybersecurity@bd.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
Bd Facschorus | =5.0 | |
Bd Facschorus | =5.1 | |
Hp Hp Z2 Tower G9 | ||
All of | ||
Any of | ||
Bd Facschorus | =3.0 | |
Bd Facschorus | =3.1 | |
Hp Hp Z2 Tower G5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29065 is a vulnerability that allows a threat actor with physical access to gain credentials and potentially alter or destroy data in the FACSChorus software database.
The affected software versions are Bd Facschorus 5.0 and 5.1.
No, Hp Hp Z2 Tower G9 is not vulnerable to CVE-2023-29065.
The severity of CVE-2023-29065 is medium, with a CVSS score of 4.1.
To fix CVE-2023-29065, it is recommended to implement proper access controls and restrict direct database access.