CVE-2021-39369
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 02:06
Severity ?
EPSS score ?
Summary
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 | Mitigation, Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.usa.philips.com/healthcare | Vendor Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=7zC84TNpIxw | Product |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=7zC84TNpIxw"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.youtube.com/watch?v=7zC84TNpIxw"
},
{
"url": "https://www.usa.philips.com/healthcare"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39369",
"datePublished": "2022-12-26T00:00:00",
"dateReserved": "2021-08-22T00:00:00",
"dateUpdated": "2024-08-04T02:06:42.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-39369\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-12-26T06:15:10.617\",\"lastModified\":\"2023-01-05T04:49:19.460\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.\"},{\"lang\":\"es\",\"value\":\"En Philips (anteriormente Carestream) Vue MyVue PACS hasta 12.2.xx, la funci\u00f3n VideoStream permite que usuarios autenticados realicen Path Traversal para acceder a archivos almacenados fuera de la ra\u00edz web.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:myvue:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"005F8DBC-89E9-41B2-87FF-5A915722526A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:speech:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F89D027-058F-4F9C-8FA0-5DA010DF5E56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.2.1.5\",\"matchCriteriaId\":\"BDBF4274-A4B5-44C1-B164-2F0AA8CE4F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:philips:vue_pacs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EFFDEB6-EF45-4AA3-BF17-FCE171ACD20F\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.usa.philips.com/healthcare\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=7zC84TNpIxw\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.