Vulnerabilities > Fresenius Kabi > Agilia Connect Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2021-23195 | Information Exposure vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. | 5.3 |
| 2022-01-21 | CVE-2021-23196 | Improper Authentication vulnerability in Fresenius-Kabi products The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. | 7.5 |
| 2022-01-21 | CVE-2021-23233 | Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. | 7.5 |
| 2022-01-21 | CVE-2021-23236 | Resource Exhaustion vulnerability in Fresenius-Kabi products Requests may be used to interrupt the normal operation of the device. | 7.8 |
| 2022-01-21 | CVE-2021-31562 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. | 6.4 |
| 2022-01-21 | CVE-2021-33846 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. | 6.5 |
| 2022-01-21 | CVE-2021-33848 | Cross-site Scripting vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. | 4.3 |
| 2022-01-21 | CVE-2021-43355 | Improper Authentication vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. | 7.5 |
| 2022-01-21 | CVE-2021-44464 | Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. | 6.5 |