Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Agilia_connect
(Fresenius\-Kabi)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-21 | CVE-2021-23207 | An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users. | Agilia_connect, Agilia_partner_maintenance_software, Link\+_agilia_firmware, Vigilant_centerium, Vigilant_insight, Vigilant_mastermed | 5.5 | ||
2022-01-21 | CVE-2021-41835 | Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service. | Agilia_connect, Agilia_partner_maintenance_software, Link\+_agilia_firmware, Vigilant_centerium, Vigilant_insight, Vigilant_mastermed | 7.5 |