Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
08 Jun 2022, 14:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.5 |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01 - Mitigation, Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:a:philips:interoperability_solution_xds:*:*:*:*:*:*:*:* | |
First Time |
Philips interoperability Solution Xds
Philips |
25 May 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-25 14:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-32966
Mitre link : CVE-2021-32966
CVE.ORG link : CVE-2021-32966
JSON object : View
Products Affected
philips
- interoperability_solution_xds
CWE
CWE-319
Cleartext Transmission of Sensitive Information