CVE-2021-23195— Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-23195
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过目录枚举导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fresenius Kabi Agilia Connect Infusion System 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fresenius Kabi Agilia Connect Infusion System是德国Fresenius Kabi公司的一个输液系统。 Fresenius Kabi Agilia Connect Infusion System存在安全漏洞,该漏洞源于Vigilant API有激活自动索引(目录列表)的选项。当访问一个目录时,web服务器以HTML的形式传递它的全部内容。如果索引文件不存在,并且启用了目录列表功能,则会显示目录的所有内容,使攻击者可利用该漏洞能够识别并访问服务器上的文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Fresenius Kabi | Vigilant Software Suite (Mastermed Dashboard) | unspecified ~ 2.0.1.3 | - |
II. Public POCs for CVE-2021-23195
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-23195
请登录查看更多情报信息。
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-23195
Same Patch Batch · Fresenius Kabi · 2022-01-21 · 12 CVEs total
| CVE-2021-23236 | 7.5 HIGH | Fresenius Kabi Agilia Connect Infusion System uncontrolled resource consumption |
| CVE-2021-23196 | 7.3 HIGH | Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials |
| CVE-2021-23233 | 7.3 HIGH | Fresenius Kabi Agilia Connect Infusion System |
| CVE-2021-41835 | 7.3 HIGH | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algor |
| CVE-2021-43355 | 7.3 HIGH | Fresenius Kabi Agilia Connect Infusion System use of client side authentication |
| CVE-2021-23207 | 6.5 MEDIUM | Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password |
| CVE-2021-31562 | 6.5 MEDIUM | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algor |
| CVE-2021-44464 | 6.3 MEDIUM | Fresenius Kabi Agilia Connect Infusion System hard coded credentials |
| CVE-2021-33846 | 5.9 MEDIUM | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algor |
| CVE-2021-33848 | 5.4 MEDIUM | Fresenius Kabi Agilia Connect Infusion System cross site scripting |
| CVE-2021-33843 | 5.3 MEDIUM | Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external |
IV. Related Vulnerabilities
Same product: Vigilant Software Suite (Mastermed Dashboard)
- CVE-2021-43355
Fresenius Kabi Agilia Connect Infusion System use of client - CVE-2021-33848
Fresenius Kabi Agilia Connect Infusion System cross site scr - CVE-2021-44464
Fresenius Kabi Agilia Connect Infusion System hard coded cre - CVE-2021-23207
Fresenius Kabi Agilia Connect Infusion System plaintext stor - CVE-2021-33846
Fresenius Kabi Agilia Connect Infusion System use of a broke
Same vendor: Fresenius Kabi
- CVE-2021-43355
Fresenius Kabi Agilia Connect Infusion System use of client - CVE-2021-41835
Fresenius Kabi Agilia Connect Infusion System use of a broke - CVE-2021-33848
Fresenius Kabi Agilia Connect Infusion System cross site scr - CVE-2021-44464
Fresenius Kabi Agilia Connect Infusion System hard coded cre - CVE-2021-33843
Fresenius Kabi Agilia Connect Infusion System files or direc
Same weakness: CWE-548
- CVE-2023-38265
Improper Access Control and Exposure of Information Through - CVE-2020-36921
RED-V Super Digital Signage System 5.1.1 Log Information Dis - CVE-2022-50788
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure v - CVE-2021-47718
OpenBMCS Directory Listing Information Disclosure - CVE-2024-56464
IBM QRadar SIEM is affected by an information disclosure vul
V. Comments for CVE-2021-23195
No comments yet