CVE-2021-33843
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.
Source: CVE-2021-33843
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.
Source: CVE-2021-23196
CVE-2021-23195
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.
Source: CVE-2021-23195
CVE-2020-4875
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.
Source: CVE-2020-4875
CVE-2020-4877
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.
Source: CVE-2020-4877
CVE-2020-4876
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.
Source: CVE-2020-4876
CVE-2021-4016
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Source: CVE-2021-4016
CVE-2022-0323
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
Source: CVE-2022-0323
CVE-2020-4879
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.
Source: CVE-2020-4879
CVE-2021-46309
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
Source: CVE-2021-46309