Vulnerabilities > Fresenius Kabi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-45611 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi Pharmahelp Firmware 5.1.759.0 An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | 9.8 |
| 2022-01-21 | CVE-2021-23195 | Information Exposure vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. | 5.3 |
| 2022-01-21 | CVE-2021-23196 | Improper Authentication vulnerability in Fresenius-Kabi products The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. | 7.5 |
| 2022-01-21 | CVE-2021-23207 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi products An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. | 2.1 |
| 2022-01-21 | CVE-2021-23233 | Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. | 7.5 |
| 2022-01-21 | CVE-2021-23236 | Resource Exhaustion vulnerability in Fresenius-Kabi products Requests may be used to interrupt the normal operation of the device. | 7.8 |
| 2022-01-21 | CVE-2021-31562 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. | 6.4 |
| 2022-01-21 | CVE-2021-33843 | Missing Authentication for Critical Function vulnerability in Fresenius-Kabi Agilia SP MC Wifi Firmware D25 Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. | 5.3 |
| 2022-01-21 | CVE-2021-33846 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. | 6.5 |
| 2022-01-21 | CVE-2021-33848 | Cross-site Scripting vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. | 4.3 |