CVE-2023-29065: Overly Permissive Access Policy

4.1 CVSS

Description

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

Classification

CVE ID: CVE-2023-29065

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.1

Affected Products

Vendor: Becton, Dickinson and Company (BD)

Product: FACSChorus

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 14.96% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software

Timeline