HIGH🇵🇱 Wersja polska

CVE-2021-23233

CVSS 7.3v3.1pub. 2022-01-21upd. 2024-11-21

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Fresenius Kabi Agilia Connect

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Agilia Connect Firmware

    OS
    Fresenius-Kabi
    ≤ d25
  • Fresenius Kabi Agilia Partner Maintenance Software

    APP
    Fresenius-Kabi
    ≤ 3.3.0
  • Fresenius Kabi Link\+ Agilia

    HW
    Fresenius-Kabi
    wszystkie wersje
  • Fresenius Kabi Link\+ Agilia Firmware

    OS
    Fresenius-Kabi
    3.0< 3.0
  • Fresenius Kabi Vigilant Centerium

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Insight

    APP
    Fresenius-Kabi
    1.0
  • Fresenius Kabi Vigilant Mastermed

    APP
    Fresenius-Kabi
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-23196HIGH7.3ten sam produkt

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms ex...

CVE-2021-41835HIGH7.3ten sam produkt

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted d...

CVE-2021-43355HIGH7.3ten sam produkt

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated...

CVE-2021-23236HIGH7.5ten sam produkt

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Li...

CVE-2021-33848MEDIUM5.4ten sam produkt

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-...