VAR-202106-1969
Vulnerability from variot - Updated: 2023-12-18 11:11Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. Philips Provided by the company Interoperability Solution XDS document sharing system Is a medical document sharing system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Philips Interoperability Solution XDS is a European Philips (Philips) company's solution. Provides an open standards-based platform that supports all types of medical images and clinical information. Philips Interoperability Solution XDS has a security vulnerability, which stems from. A remote attacker with the ability to intercept network communications can exploit this vulnerability to remotely read LDAP system credentials. The vulnerability could allow a remote attacker to gain access to sensitive information. Affected products and versions are as follows: Interoperability Solution XDS: 2.5, 3.11, 2018-1, 2021-1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1969",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interoperability solution xds",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "2021-1"
},
{
"model": "interoperability solution xds",
"scope": "gte",
"trust": 1.0,
"vendor": "philips",
"version": "2018-1"
},
{
"model": "interoperability solution xds",
"scope": "gte",
"trust": 1.0,
"vendor": "philips",
"version": "2.5"
},
{
"model": "interoperability solution xds",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "3.11"
},
{
"model": "interoperability solution xds document sharing system",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "v2.5 from v3.11 until"
},
{
"model": "interoperability solution xds document sharing system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
},
{
"model": "interoperability solution xds document sharing system",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "v2018-1 from v2021-1 until"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:interoperability_solution_xds:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2021-1",
"versionStartIncluding": "2018-1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:interoperability_solution_xds:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.11",
"versionStartIncluding": "2.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-392952",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-32966",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-001893",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32966",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32966",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2021-001893",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1653",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-392952",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-32966",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. Philips Provided by the company Interoperability Solution XDS document sharing system Is a medical document sharing system. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Philips Interoperability Solution XDS is a European Philips (Philips) company\u0027s solution. Provides an open standards-based platform that supports all types of medical images and clinical information. Philips Interoperability Solution XDS has a security vulnerability, which stems from. A remote attacker with the ability to intercept network communications can exploit this vulnerability to remotely read LDAP system credentials. The vulnerability could allow a remote attacker to gain access to sensitive information. Affected products and versions are as follows: Interoperability Solution XDS: 2.5, 3.11, 2018-1, 2021-1",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32966",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSMA-21-175-01",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU93414026",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2235",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062503",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-392952",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-32966",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202106-1969",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:11:36.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer\u00a0Service\u00a0Solutions",
"trust": 0.8,
"url": "https://www.philips.com/a-w/security/security-advisories.html"
},
{
"title": "Philips Interoperability Solution XDS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155089"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "Sending important information in clear text (CWE-319) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-175-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu93414026"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2235"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062503"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-32966/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-392952"
},
{
"date": "2022-05-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"date": "2021-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"date": "2022-05-25T14:15:08.380000",
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"date": "2021-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-392952"
},
{
"date": "2022-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"date": "2021-06-29T05:52:00",
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"date": "2022-06-08T14:29:06.183000",
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"date": "2022-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips\u00a0 Made \u00a0Interoperability\u00a0Solution\u00a0XDS\u00a0 Vulnerability in plaintext transmission of important information",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…