Vulnerabilities > Fresenius Kabi > Vigilant Insight
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2021-23195 | Information Exposure vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. | 5.3 |
| 2022-01-21 | CVE-2021-23196 | Improper Authentication vulnerability in Fresenius-Kabi products The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. | 9.8 |
| 2022-01-21 | CVE-2021-23207 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi products An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. | 5.5 |
| 2022-01-21 | CVE-2021-23233 | Use of Hard-coded Credentials vulnerability in Fresenius-Kabi products Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. | 9.8 |
| 2022-01-21 | CVE-2021-23236 | Resource Exhaustion vulnerability in Fresenius-Kabi products Requests may be used to interrupt the normal operation of the device. | 7.5 |
| 2022-01-21 | CVE-2021-31562 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. | 9.1 |
| 2022-01-21 | CVE-2021-33846 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. | 7.2 |
| 2022-01-21 | CVE-2021-33848 | Cross-site Scripting vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. | 6.1 |
| 2022-01-21 | CVE-2021-41835 | Cleartext Transmission of Sensitive Information vulnerability in Fresenius-Kabi products Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. | 7.5 |
| 2022-01-21 | CVE-2021-43355 | Improper Authentication vulnerability in Fresenius-Kabi products Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. | 9.8 |