Lucene search
K

29 matches found

Cvelist
Cvelist
added 2022/01/21 6:17 p.m.34 views

CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

7.3CVSS9.8AI score0.00978EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.23 views

CVE-2021-33848 Fresenius Kabi Agilia Connect Infusion System cross site scripting

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...

5.4CVSS6AI score0.00611EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.29 views

CVE-2021-44464 Fresenius Kabi Agilia Connect Infusion System hard coded credentials

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

6.3CVSS9.1AI score0.0064EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.6 views

CVE-2021-33843 Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings...

5.3CVSS5.3AI score0.00802EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.30 views

CVE-2021-33843 Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings...

5.3CVSS5.5AI score0.00802EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.18 views

CVE-2021-31562 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm

The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an...

6.5CVSS9.4AI score0.00488EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.26 views

CVE-2021-23207 Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating user...

6.5CVSS6.5AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.25 views

CVE-2021-23195 Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

5.3CVSS5.5AI score0.00845EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.31 views

CVE-2021-33846 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

5.9CVSS7.2AI score0.00313EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.4 views

CVE-2021-23233 Fresenius Kabi Agilia Connect Infusion System

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...

7.3CVSS9.6AI score0.00945EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.5 views

CVE-2021-33846 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

5.9CVSS7.1AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.22 views

CVE-2021-23233 Fresenius Kabi Agilia Connect Infusion System

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...

7.3CVSS9.7AI score0.00945EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.8 views

CVE-2021-23196 Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...

7.3CVSS8AI score0.00909EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.18 views

CVE-2021-23196 Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...

7.3CVSS9.8AI score0.00909EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.6 views

CVE-2021-23236 Fresenius Kabi Agilia Connect Infusion System uncontrolled resource consumption

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...

7.5CVSS7.4AI score0.0107EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.20 views

CVE-2021-23236 Fresenius Kabi Agilia Connect Infusion System uncontrolled resource consumption

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...

7.5CVSS7.6AI score0.0107EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/23 12:0 a.m.17 views

Fresenius Kabi Agilia Connect Infusion System Licensing Issue Vulnerability (CNVD-2022-07627)

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.An authorization issue vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which stems from the fact that the program has a default configuration page that can be accessed...

5.3CVSS2.9AI score0.00802EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/23 12:0 a.m.13 views

Fresenius Kabi Agilia Connect Infusion System Information Disclosure Vulnerability

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.The Fresenius Kabi Agilia Connect Infusion System is vulnerable to information disclosure, which could be exploited by attackers to identify and access files on the server...

5.3CVSS3.6AI score0.00845EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/23 12:0 a.m.23 views

Fresenius Kabi Agilia Connect Infusion System Encryption Issue Vulnerability

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.The Fresenius Kabi Agilia Connect Infusion System is vulnerable to an encryption issue that could be exploited by an attacker to eavesdrop on transmitted data, manipulate data purportedly...

9.1CVSS2.3AI score0.00488EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/23 12:0 a.m.28 views

Fresenius Kabi Agilia Connect Infusion System Cross-Site Scripting Vulnerability

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...

6.1CVSS1.6AI score0.00611EPSS
Exploits0References1
Rows per page
Query Builder