Vulnerability Description
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client side and does not sufficiently protect authentication attributes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fresenius-Kabi | Agilia Connect Firmware | <= d25 |
| Fresenius-Kabi | Agilia Connect | - |
| Fresenius-Kabi | Agilia Partner Maintenance Software | <= 3.3.0 |
| Fresenius-Kabi | Vigilant Centerium | 1.0 |
| Fresenius-Kabi | Vigilant Insight | 1.0 |
| Fresenius-Kabi | Vigilant Mastermed | 1.0 |
| Fresenius-Kabi | Link+ Agilia Firmware | < 3.0 |
| Fresenius-Kabi | Link+ Agilia | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2021-23196?
CVE-2021-23196 is a vulnerability with a CVSS score of 7.3 (HIGH). The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client side and does not sufficiently protect authentication attributes.
How severe is CVE-2021-23196?
CVE-2021-23196 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23196?
Check the references section above for vendor advisories and patch information. Affected products include: Fresenius-Kabi Agilia Connect Firmware, Fresenius-Kabi Agilia Connect, Fresenius-Kabi Agilia Partner Maintenance Software, Fresenius-Kabi Vigilant Centerium, Fresenius-Kabi Vigilant Insight.