PT-2022-11828 · Fresenius Kabi · Fresenius Kabi Vigilant Software Suite

Dr. Oliver Matula +3
Published 2022-01-21 · Updated 2022-08-09
CVE-2021-43355
CVSS v3.1 9.8 Critical
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3
Description: The application validates user input on the client side only, without proper authentication by the server. This is a problem because the server should not rely solely on the correctness of data sent by the client: a client may block or not support JavaScript, or may deliberately bypass the client-side checks. An attacker who knows the service user could exploit this by circumventing the client-side control, potentially allowing them to log in with service privileges.
Recommendations: For Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3, implement server-side validation that authenticates user input properly, so that the server does not rely on client-side checks alone. As a temporary workaround, restrict access to service user accounts to minimize the risk of exploitation.

Fix
Weakness Enumeration: Improper Authentication
Related Identifiers: CVE-2021-43355
Affected Products: Fresenius Kabi Vigilant Software Suite