CVE-2021-23196
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
21/01/2022
Last modified:
30/08/2022
Description
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:* | d25 (including) | |
| cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:* | 3.3.0 (including) | |
| cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:*:*:*:*:*:*:*:* | 3.0 (excluding) | |
| cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15:*:*:*:*:*:* | ||
| cpe:2.3:h:fresenius-kabi:link\+_agilia:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page