
13 matches found

OSV
added 2022/01/21 7:15 p.m., 3 views

CVE-2021-33846

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

7.2 CVSS, 7.2 AI score
Exploits 0, References 1

OSV
added 2022/01/21 7:15 p.m., 1 view

CVE-2021-44464

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

8.8 CVSS, 5.8 AI score
Exploits 0, References 1

OSV
added 2022/01/21 7:15 p.m., 0 views

CVE-2021-43355

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

9.8 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits 0, References 1

OSV
added 2022/01/21 7:15 p.m., 1 view

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

5.3 CVSS, 5.8 AI score
Exploits 0, References 1

Prion
added 2022/01/21 7:15 p.m., 17 views

Design/Logic Flaw

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

6.5 CVSS, 9.2 AI score, 0.00181 EPSS
Exploits 0, References 1, Affected Software 6

Prion
added 2022/01/21 7:15 p.m., 15 views

Authentication flaw

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

6.5 CVSS, 7.5 AI score, 0.00045 EPSS
Exploits 0, References 1, Affected Software 6

Prion
added 2022/01/21 7:15 p.m., 10 views

Cross site scripting

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...

4.3 CVSS, 6.3 AI score, 0.00171 EPSS
Exploits 0, References 1, Affected Software 6

Prion
added 2022/01/21 7:15 p.m., 15 views

Design/Logic Flaw

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

5 CVSS, 6.2 AI score, 0.00182 EPSS
Exploits 0, References 1, Affected Software 6

Cvelist
added 2022/01/21 6:17 p.m., 15 views

CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

7.3 CVSS, 9.8 AI score, 0.00224 EPSS
Exploits 0, References 1

CVE
added 2022/01/21 6:17 p.m., 49 views

CVE-2021-33848

CVE-2021-33848 affects Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3, with a reflected cross-site scripting vulnerability described for the Vigilant Centerium Dashboard. An attacker could inject JavaScript via a GET parameter in HTTP requests, enabling unauthorized ...

6.1 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/01/21 6:17 p.m., 9 views

CVE-2021-44464 Fresenius Kabi Agilia Connect Infusion System hard coded credentials

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

6.3 CVSS, 9.1 AI score, 0.00181 EPSS
Exploits 0, References 1

CVE
added 2022/01/21 6:17 p.m., 49 views

CVE-2021-44464

Vigilant Software Suite MasterMed Dashboard, version 2.0.1.3, contains credentials used across all installations. An attacker who obtains the password may gain privileges on every installation of this software. The issue is documented in multiple sources, including Red Hat and NVD entries, with m...

8.8 CVSS, 7.6 AI score, 0.00181 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2022/01/21 6:17 p.m., 49 views

CVE-2021-23195

CVE-2021-23195 affects Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 2.0.1.3. The issue is exposure of information through directory listing: if directory listing is enabled and no index file exists, a web server may return entire directory contents in HTML, enabling an attacker to...

5.3 CVSS, 5.7 AI score, 0.00182 EPSS
Exploits 0, References 1, Affected Software 1