Vulnerability Details CVE-2021-33846
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 6.5
References
Products affected by CVE-2021-33846
-
cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*
-
cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0
-
cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0
-
cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0
-
cpe:2.3:h:fresenius-kabi:agilia_connect:-
-
cpe:2.3:h:fresenius-kabi:link+_agilia:-
-
cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*
-
cpe:2.3:o:fresenius-kabi:link+_agilia_firmware:*
-
cpe:2.3:o:fresenius-kabi:link+_agilia_firmware:3.0