CVE-2014-5405

CVE-2014-5405: Hospira MedNet Use of Hard-coded Password

Vendor Hospira
Product MedNet
Weakness CWE-259
Published April 3, 2015
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Key dates

02Disclosure timeline

April 3, 2015 CVE published
November 3, 2025 Record updated