CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
42.8%
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.
Vendor | Product | Version | CPE |
---|---|---|---|
fresenius-kabi | agilia_partner_maintenance_software | * | cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:* |
fresenius-kabi | vigilant_centerium | 1.0 | cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:* |
fresenius-kabi | vigilant_insight | 1.0 | cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:* |
fresenius-kabi | vigilant_mastermed | 1.0 | cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:* |
fresenius-kabi | agilia_connect | - | cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:* |
fresenius-kabi | agilia_connect_firmware | * | cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:* |
fresenius-kabi | link\+_agilia | - | cpe:2.3:h:fresenius-kabi:link\+_agilia:-:*:*:*:*:*:*:* |
fresenius-kabi | link\+_agilia_firmware | * | cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:*:*:*:*:*:*:*:* |
fresenius-kabi | link\+_agilia_firmware | 3.0 | cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-:*:*:*:*:*:* |
fresenius-kabi | link\+_agilia_firmware | 3.0 | cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
42.8%