In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 | Mitigation Third Party Advisory US Government Resource |
| https://www.usa.philips.com/healthcare | Vendor Advisory |
| https://www.youtube.com/watch?v=7zC84TNpIxw | Product |
Configurations
Configuration 1 (hide)
|
History
05 Jan 2023, 04:49
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| CPE | cpe:2.3:a:philips:myvue:-:*:*:*:*:*:*:* cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:* cpe:2.3:a:philips:speech:-:*:*:*:*:*:*:* cpe:2.3:a:philips:vue_pacs:-:*:*:*:*:*:*:* |
|
| First Time |
Philips myvue
Philips Philips vue Pacs Philips vue Motion Philips speech |
|
| CWE | CWE-22 | |
| References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 - Mitigation, Third Party Advisory, US Government Resource | |
| References | (MISC) https://www.usa.philips.com/healthcare - Vendor Advisory | |
| References | (MISC) https://www.youtube.com/watch?v=7zC84TNpIxw - Product |
26 Dec 2022, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-12-26 06:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-39369
Mitre link : CVE-2021-39369
CVE.ORG link : CVE-2021-39369
JSON object : View
Products Affected
philips
- speech
- vue_pacs
- myvue
- vue_motion
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')