Vulnerability Description
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fresenius-Kabi | Agilia Connect Firmware | <= d25 |
| Fresenius-Kabi | Agilia Connect | - |
| Fresenius-Kabi | Agilia Partner Maintenance Software | <= 3.3.0 |
| Fresenius-Kabi | Vigilant Centerium | 1.0 |
| Fresenius-Kabi | Vigilant Insight | 1.0 |
| Fresenius-Kabi | Vigilant Mastermed | 1.0 |
| Fresenius-Kabi | Link\+ Agilia Firmware | < 3.0 |
| Fresenius-Kabi | Link\+ Agilia | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-23195?
CVE-2021-23195 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its ...
How severe is CVE-2021-23195?
CVE-2021-23195 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23195?
Check the references section above for vendor advisories and patch information. Affected products include: Fresenius-Kabi Agilia Connect Firmware, Fresenius-Kabi Agilia Connect, Fresenius-Kabi Agilia Partner Maintenance Software, Fresenius-Kabi Vigilant Centerium, Fresenius-Kabi Vigilant Insight.