Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Fresenius-kabi Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45611 1 Fresenius-kabi 2 Pharmahelp, Pharmahelp Firmware 2024-01-10 N/A 9.8 CRITICAL
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information.
CVE-2021-31562 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Link\+ and 5 more 2022-01-28 6.4 MEDIUM 9.1 CRITICAL
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.
CVE-2021-23233 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more 2022-01-28 7.5 HIGH 9.8 CRITICAL
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.
CVE-2021-23196 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more 2022-01-28 7.5 HIGH 9.8 CRITICAL
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.
CVE-2021-43355 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more 2022-01-28 7.5 HIGH 9.8 CRITICAL
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.