Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LFresenius Kabi Agilia Connect
HWFresenius-Kabiwszystkie wersjeFresenius Kabi Agilia Connect Firmware
OSFresenius-Kabi≤ d25Fresenius Kabi Agilia Partner Maintenance Software
APPFresenius-Kabi≤ 3.3.0Fresenius Kabi Link\+ Agilia
HWFresenius-Kabiwszystkie wersjeFresenius Kabi Link\+ Agilia Firmware
OSFresenius-Kabi3.0< 3.0Fresenius Kabi Vigilant Centerium
APPFresenius-Kabi1.0Fresenius Kabi Vigilant Insight
APPFresenius-Kabi1.0Fresenius Kabi Vigilant Mastermed
APPFresenius-Kabi1.0
Related vulnerabilities
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication i...
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Li...
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted d...
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms ex...
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-...