← Back

Agilia Connect

agilia_connect

Vendor: Fresenius Kabi • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-41835
1Fresenius Kabi
6Agilia Connect
Agilia Partner Maintenance SoftwareLink+ Agilia Firmware+3 more
Nov 21, 2024
Jan 21, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service...Show more
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.Show less
CVE-2021-23207
1Fresenius Kabi
6Agilia Connect
Agilia Partner Maintenance SoftwareLink+ Agilia Firmware+3 more
Nov 21, 2024
Jan 21, 2022
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An...Show more
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.Show less