Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-01-21T18:17:44
Updated: 2022-01-21T18:17:44
Reserved: 2021-11-30T00:00:00
Link: CVE-2021-43355
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-21T19:15:09.270
Modified: 2022-08-09T00:51:01.313
Link: CVE-2021-43355
JSON object: View
Redhat Information
No data.