CVE-2021-43355

HIGH

Fresenius Kabi Vigilant Software Suite - Info Disclosure

Title source: llm

Description

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 7.3

EPSS 0.0098

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-287 CWE-603

Status published

Products (7)

fresenius-kabi/agilia_connect_firmware < d25

fresenius-kabi/agilia_partner_maintenance_software < 3.3.0

fresenius-kabi/link\+_agilia_firmware 3.0 (2 CPE variants)

fresenius-kabi/link\+_agilia_firmware < 3.0

fresenius-kabi/vigilant_centerium 1.0

fresenius-kabi/vigilant_insight 1.0

fresenius-kabi/vigilant_mastermed 1.0

Published Jan 21, 2022

Tracked Since Feb 18, 2026