CVE-2021-23195
21.01.2022, 19:15
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fresenius-kabi | agilia_partner_maintenance_software | 𝑥 ≤ 3.3.0 |
| fresenius-kabi | vigilant_centerium | 1.0 |
| fresenius-kabi | vigilant_insight | 1.0 |
| fresenius-kabi | vigilant_mastermed | 1.0 |
| fresenius-kabi | link\+_agilia_firmware | 𝑥 < 3.0 |
| fresenius-kabi | link\+_agilia_firmware | 3.0 |
| fresenius-kabi | link\+_agilia_firmware | 3.0:d15 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-548 - Exposure of Information Through Directory ListingA directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.