PT-2022-9374 · Fresenius Kabi · Fresenius Kabi Vigilant Software Suite
Published: 2022-01-21 · Updated: 2022-10-24 · CVE-2021-23195
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3
Description
Automated indexing (directory listing) is enabled on the web server, which allows an attacker to identify and access files on the server. When a directory is requested and it contains no index file, the web server returns the entire content of that directory as an HTML page.
Recommendations
For Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3, consider disabling the directory listing option to prevent an attacker from identifying and accessing files on the server. Restrict access to sensitive directories and files to minimize the risk of exploitation.
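To confirm after remediation that directory listing is actually disabled, the following added example (not part of the advisory or any vendor tooling) classifies a saved HTTP response as an auto-generated index page and reports which entries it exposes. The advisory does not name the web server, so the marker strings are an assumption covering the default listing pages of Apache, nginx, IIS and Python's http.server; the sample responses are constructed.

```python
import re
from html.parser import HTMLParser

# Assumed markers: default auto-index output of Apache/nginx ("Index of /"),
# IIS ("[To Parent Directory]") and Python http.server ("Directory listing for /").
LISTING_MARKERS = (
    re.compile(r"<title>\s*Index of /", re.I),
    re.compile(r"<h1>\s*Index of /", re.I),
    re.compile(r"\[To Parent Directory\]", re.I),
    re.compile(r"<title>\s*Directory listing for /", re.I),
)

# Constructed sample responses (not captured from any real system).
LISTING_SAMPLE = (
    "<html><head><title>Index of /backup</title></head><body>"
    "<h1>Index of /backup</h1>"
    '<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a> '
    '<a href="config.bak">config.bak</a> <a href="logs/">logs/</a>'
    "</body></html>"
)
FORBIDDEN_SAMPLE = "<html><head><title>403 Forbidden</title></head></html>"
NORMAL_SAMPLE = '<html><title>Dashboard</title><a href="login">Login</a></html>'


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def check_listing(status, body):
    """Return (is_listing, exposed_entries) for one HTTP response."""
    if status != 200 or not any(m.search(body) for m in LISTING_MARKERS):
        return False, []
    collector = _LinkCollector()
    collector.feed(body)
    # Drop column-sort links ("?C=N;O=D") and parent-directory links.
    entries = [h for h in collector.hrefs
               if not h.startswith("?") and h not in ("/", "../")]
    return True, entries


if __name__ == "__main__":
    print(check_listing(200, LISTING_SAMPLE))
```

A response that still classifies as a listing after the configuration change means the setting did not take effect for that directory.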
Fix
Information Disclosure
Related Identifiers
Affected Products
Fresenius Kabi Vigilant Software Suite