admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-433xx/CVE-2021-43355.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

226 lines
7.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-43355",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-01-21T19:15:09.270",
"lastModified": "2024-11-21T06:29:07.330",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges."
},
{
"lang": "es",
"value": "Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) versi\u00f3n 2.0.1.3, permite que la entrada del usuario sea comprobada en el lado del cliente sin autenticaci\u00f3n por parte del servidor. El servidor no debe confiar en la correcci\u00f3n de los datos, ya que los usuarios podr\u00edan no admitir o bloquear JavaScript o omitir intencionadamente las comprobaciones del lado del cliente. Un atacante con conocimiento del usuario del servicio podr\u00eda omitir el control del lado del cliente e iniciar sesi\u00f3n con privilegios del servicio"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-603"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.0",
"matchCriteriaId": "3B072164-6AA2-4A14-B7D7-10B4B953004D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C47210A7-4753-4ED7-8E6B-9BE8EBFABC9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C91B931-F726-4AB2-B3A6-D92F774CF04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04AC7167-F5C8-46A2-B937-953E13D76A32"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "d25",
"matchCriteriaId": "8B4979F9-A7D5-4B5C-8FF2-C3C67773EE03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BBB63E-7E43-4BC1-A08F-4F1F811F839B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0",
"matchCriteriaId": "45FA28DE-939F-4146-A6E2-CE8849C9CB16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7D5FC3D0-9593-487B-B70A-F8BBCA8A18FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:3.0:d15:*:*:*:*:*:*",
"matchCriteriaId": "67E88F2E-C12B-4B50-B087-3247F4748AF3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fresenius-kabi:link\\+_agilia:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1548AA3F-659F-43C3-9261-C7FD55465877"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink