Vulnerability-Lookup

CVE-2018-17891 (GCVE-0-2018-17891)

Vulnerability from cvelistv5 – Published: 2018-10-04 21:00 – Updated: 2024-09-17 02:32

Summary

Severity ?

No CVSS data available.

CWE

CWE-209 - INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209

Assigner

icscert

References

URL

	Vendor	Product	Version
	Carestream	Vue RIS	Affected: RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5

VAR-201810-0478

Vulnerability from variot - Updated: 2023-12-18 13:13

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack. Carestream Vue RIS Contains an information disclosure vulnerability.Information may be obtained. An attacker could exploit this vulnerability to obtain technical information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0478",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vue ris",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carestream",
        "version": "11.2"
      },
      {
        "model": "vue ris",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "carestream",
        "version": "11.2"
      },
      {
        "model": "vue ris",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "carestream",
        "version": "ris client builds 11.2"
      },
      {
        "model": "vue ris",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "carestream",
        "version": "\u003c=11.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "carestream vue ris",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "BID",
        "id": "105713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:carestream:carestream_vue_ris:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dan Regalado of Zingbox",
    "sources": [
      {
        "db": "BID",
        "id": "105713"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-17891",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-17891",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2018-21171",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "7d856950-463f-11e9-bb98-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-17891",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-17891",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-21171",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-156",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "7d856950-463f-11e9-bb98-000c29342cb1",
            "trust": 0.2,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack. Carestream Vue RIS Contains an information disclosure vulnerability.Information may be obtained. An attacker could exploit this vulnerability to obtain technical information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "BID",
        "id": "105713"
      },
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-17891",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-18-277-01",
        "trust": 2.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "105713",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7D856950-463F-11E9-BB98-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "BID",
        "id": "105713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "id": "VAR-201810-0478",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      }
    ],
    "trust": 1.4
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:13:39.900000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CARESTREAM Vue RIS",
        "trust": 0.8,
        "url": "https://www.carestream.com/en/us/medical/products/vue-healthit/radiology/carestream-vue-ris"
      },
      {
        "title": "Patch for Carestream Vue RIS Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/142569"
      },
      {
        "title": "Carestream Vue RIS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86164"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-277-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17891"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17891"
      },
      {
        "trust": 0.3,
        "url": "https://www.carestream.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "BID",
        "id": "105713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "BID",
        "id": "105713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "date": "2018-10-04T00:00:00",
        "db": "BID",
        "id": "105713"
      },
      {
        "date": "2018-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "date": "2018-10-04T21:29:01.983000",
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "date": "2018-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "date": "2018-10-04T00:00:00",
        "db": "BID",
        "id": "105713"
      },
      {
        "date": "2018-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010568"
      },
      {
        "date": "2019-10-09T23:37:00.050000",
        "db": "NVD",
        "id": "CVE-2018-17891"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carestream Vue RIS Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d856950-463f-11e9-bb98-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21171"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-156"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-17891

Vulnerability from fkie_nvd - Published: 2018-10-04 21:29 - Updated: 2024-11-21 03:55

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01	Mitigation, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	carestream	carestream_vue_ris	*
	microsoft	windows_8.1	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carestream:carestream_vue_ris:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F6791A-EFC3-4565-82A4-1A0A947D0559",
              "versionEndIncluding": "11.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack."
    },
    {
      "lang": "es",
      "value": "En Carestream Vue RIS, RIS Client Builds en versiones 11.2 y anteriores que se ejecute en una m\u00e1quina Windows 8.1 con IIS/7.5, al contactar con un servidor Carestream donde no hay un listener TNS de Oracle disponible, los usuarios activar\u00e1n un error HTTP 500, filtrando informaci\u00f3n t\u00e9cnica que un atacante podr\u00eda usar para iniciar un ataque m\u00e1s elaborado."
    }
  ],
  "id": "CVE-2018-17891",
  "lastModified": "2024-11-21T03:55:09.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-04T21:29:01.983",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSMA-18-277-01

Vulnerability from csaf_cisa - Published: 2018-10-04 00:00 - Updated: 2018-10-04 00:00

Summary

Carestream Vue RIS

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

An attacker with access to the network of the affected system can passively read traffic.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Dan Regalado"
        ],
        "organization": "Zingbox",
        "summary": "reporting this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "An attacker with access to the network of the affected system can passively read traffic.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-277-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-277-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-277-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-277-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Carestream Vue RIS",
    "tracking": {
      "current_release_date": "2018-10-04T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-18-277-01",
      "initial_release_date": "2018-10-04T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-10-04T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-18-277-01 Carestream Vue RIS"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=11.2 on Windows 8.1 with IIS 7.5",
                "product": {
                  "name": "RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "RIS Client Builds"
          }
        ],
        "category": "vendor",
        "name": "Carestream"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-17891",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.CVE-2018-17891 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17891"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Carestream has remediated the vulnerability in the current version of the software and have provided the following workarounds for past versions which are affected. Given the mitigation instructions provided, this vulnerability is considered controlled vs. uncontrolled.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please contact Carestream Support for assistance. Carestream contact information is available at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.carestream.com/en/us/medical/contact-us/world-wide-contacts.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.carestream.com/en/us/medical/contact-us/world-wide-contacts"
        },
        {
          "category": "vendor_fix",
          "details": "Users can open a request through the eService portal at: https://eservice.carestream.com.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://eservice.carestream.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

GSD-2018-17891

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-17891

Aliases

CVE-2018-17891

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-17891",
    "description": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.",
    "id": "GSD-2018-17891"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-17891"
      ],
      "details": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.",
      "id": "GSD-2018-17891",
      "modified": "2023-12-13T01:22:31.219782Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-10-04T00:00:00",
        "ID": "CVE-2018-17891",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Vue RIS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Carestream"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:carestream:carestream_vue_ris:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-17891"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-10-09T23:37Z",
      "publishedDate": "2018-10-04T21:29Z"
    }
  }
}

GHSA-G72Q-524Q-PHRP

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33

Details

Severity ?

3.7 (Low)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-17891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-04T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.",
  "id": "GHSA-g72q-524q-phrp",
  "modified": "2022-05-13T01:33:48Z",
  "published": "2022-05-13T01:33:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17891"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-21171

Vulnerability from cnvd - Published: 2018-10-17

Title

Carestream Vue RIS信息泄露漏洞

Description

Carestream Vue RIS是一款基于网络的放射学信息系统。运行在安装了IIS/7.5的Windows 8.1计算机上的Carestream Vue RIS, RIS Client Builds 11.2及之前版本中存在安全漏洞。攻击者可利用该漏洞获取技术信息。

Severity

低

Patch Name

Carestream Vue RIS信息泄露漏洞的补丁

Patch Description

Carestream Vue RIS是一款基于网络的放射学信息系统。运行在安装了IIS/7.5的Windows 8.1计算机上的Carestream Vue RIS, RIS Client Builds 11.2及之前版本中存在安全漏洞。攻击者可利用该漏洞获取技术信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.carestream.com/

Impacted products

Name
Carestream Vue RIS <=11.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17891"
    }
  },
  "description": "Carestream Vue RIS\u662f\u4e00\u6b3e\u57fa\u4e8e\u7f51\u7edc\u7684\u653e\u5c04\u5b66\u4fe1\u606f\u7cfb\u7edf\u3002\r\n\r\n\u8fd0\u884c\u5728\u5b89\u88c5\u4e86IIS/7.5\u7684Windows 8.1\u8ba1\u7b97\u673a\u4e0a\u7684Carestream Vue RIS, RIS Client Builds 11.2\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6280\u672f\u4fe1\u606f\u3002",
  "discovererName": "Dan Regalado",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a \r\nhttps://www.carestream.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21171",
  "openTime": "2018-10-17",
  "patchDescription": "Carestream Vue RIS\u662f\u4e00\u6b3e\u57fa\u4e8e\u7f51\u7edc\u7684\u653e\u5c04\u5b66\u4fe1\u606f\u7cfb\u7edf\u3002\r\n\r\n\u8fd0\u884c\u5728\u5b89\u88c5\u4e86IIS/7.5\u7684Windows 8.1\u8ba1\u7b97\u673a\u4e0a\u7684Carestream Vue RIS, RIS Client Builds 11.2\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6280\u672f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Carestream Vue RIS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Carestream Vue RIS \u003c=11.2"
  },
  "serverity": "\u4f4e",
  "submitTime": "2018-10-17",
  "title": "Carestream Vue RIS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-17891 (GCVE-0-2018-17891)

VAR-201810-0478

FKIE_CVE-2018-17891

ICSMA-18-277-01

GSD-2018-17891

GHSA-G72Q-524Q-PHRP

CNVD-2018-21171

Tags

Sightings

Nomenclature