HIGH🇬🇧 English

CVE-2021-43355

CVSS 7.3v3.1pub. 2022-01-21upd. 2024-11-21

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Fresenius Kabi Agilia Connect

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Agilia Connect Firmware

    OS
    Fresenius-Kabi
    ≤ d25
  • Fresenius Kabi Agilia Partner Maintenance Software

    APP
    Fresenius-Kabi
    ≤ 3.3.0
  • Fresenius Kabi Link\+ Agilia

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Link\+ Agilia Firmware

    OS
    Fresenius-Kabi
    3.0< 3.0
  • Fresenius Kabi Vigilant Centerium

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Insight

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Mastermed

    APP
    Fresenius-Kabi
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2021-23233HIGH7.3ten sam produkt

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication i...

CVE-2021-23236HIGH7.5ten sam produkt

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Li...

CVE-2021-41835HIGH7.3ten sam produkt

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted d...

CVE-2021-23196HIGH7.3ten sam produkt

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms ex...

CVE-2021-33848MEDIUM5.4ten sam produkt

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-...