Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-01-21T18:17:37

Updated: 2024-08-03T19:05:53.889Z

Reserved: 2021-11-30T00:00:00

Link: CVE-2021-23233

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-21T19:15:08.123

Modified: 2024-11-21T05:51:24.783

Link: CVE-2021-23233

cve-icon Redhat

No data.