Authentication flaw

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

CVE-2021-44464 Fresenius Kabi Agilia Connect Infusion System hard coded credentials

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

PT-2022-9376 · Fresenius Kabi · Fresenius Kabi Vigilant Mastermed

Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant MasterMed version 2.0.1.3 Description: An attacker with physical access to the host can extract secrets from the registry and create valid JWT tokens for the application, allowing them to impersonate arbitrary users...

PT-2022-9374 · Fresenius Kabi · Fresenius Kabi Vigilant Software Suite

Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 Description: The issue allows an attacker to identify and access files on the server due to the option for automated indexing directory listing being activated. When...