CVE-2021-23195 MEDIUM

CVE-2021-23195: Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing

Vendor Fresenius Kabi
Product Vigilant Software Suite (Mastermed Dashboard)
Weakness CWE-548 · Directory listing
Published January 21, 2022
Last update April 16, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.

Key dates

02Disclosure timeline

January 21, 2022 CVE published
April 16, 2025 Record updated