{"cve":{"cve_id":"CVE-2022-30277","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00223,"epss_percentile":0.12648,"epss_as_of":"2026-06-23","description":"BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).","published_at":"2022-06-01T16:38:50.425000Z","last_modified_at":null,"cvss_v3_score":5.7,"cvss_v3_vector":"CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-613"],"nvd_references":["https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:17:33.532632Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"P","value_label":"Physical"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"becton-dickinson-bd","vendor_name":"Becton Dickinson (BD)","product_slug":"bd-synapsys","product_name":"BD Synapsys™","version_start":"4.20","version_start_inclusive":true,"version_end":"4.30","version_end_inclusive":true,"cpe23_uri":"cve5:becton-dickinson-bd:bd-synapsys:4.20:4.30"}],"exploit_refs":[],"news":[],"references":[{"url":"https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration","source_type":"MISC","tags":["patch"]}],"timeline":[{"type":"published","at":"2022-06-01T16:38:50.425000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:22:27.915531Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:22:27.915531Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:22:27.915531Z","label":"CVSS score revised","source":"cvelistv5"}]}