MEDIUM🇬🇧 English

CVE-2021-39369

CVSS 6.5v3.1pub. 2022-12-26upd. 2025-04-14

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Philips Myvue

    APP
    Philips
    wszystkie wersje
  • Philips Speech

    APP
    Philips
    wszystkie wersje
  • Philips Vue Motion

    APP
    Philips
    ≤ 12.2.1.5
  • Philips Vue Pacs

    APP
    Philips
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2021-33020HIGH8.2ten sam produkt

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, wh...

CVE-2021-33022HIGH7.5ten sam produkt

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a c...

CVE-2021-27501HIGH7.5ten sam produkt

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can l...

CVE-2021-33018HIGH7.5ten sam produkt

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unn...

CVE-2023-40704MEDIUM5.7ten sam produkt

The product does not require unique and complex passwords to be created during installation. Using Philips's ...

CVE-2021-39369 — MEDIUM 6.5 | CVEbaza.pl