HIGH🇵🇱 Wersja polska

CVE-2021-43355

CVSS 7.3v3.1pub. 2022-01-21upd. 2024-11-21

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Fresenius Kabi Agilia Connect

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Agilia Connect Firmware

    OS
    Fresenius-Kabi
    ≤ d25
  • Fresenius Kabi Agilia Partner Maintenance Software

    APP
    Fresenius-Kabi
    ≤ 3.3.0
  • Fresenius Kabi Link\+ Agilia

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Link\+ Agilia Firmware

    OS
    Fresenius-Kabi
    3.0< 3.0
  • Fresenius Kabi Vigilant Centerium

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Insight

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Mastermed

    APP
    Fresenius-Kabi
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-23233HIGH7.3ten sam produkt

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication i...

CVE-2021-23236HIGH7.5ten sam produkt

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Li...

CVE-2021-41835HIGH7.3ten sam produkt

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted d...

CVE-2021-23196HIGH7.3ten sam produkt

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms ex...

CVE-2021-33848MEDIUM5.4ten sam produkt

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-...