Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-01-21T18:17:37
Updated: 2022-01-21T18:17:37
Reserved: 2021-11-30T00:00:00
Link: CVE-2021-23233
NVD Information
Status: Analyzed
Published: 2022-01-21T19:15:08.123
Modified: 2022-01-28T15:48:22.147
Link: CVE-2021-23233
Redhat Information
No data.