CVE-2021-39369

2022-12-2600:00:00

mitre

www.cve.org

philips

carestream

pacs

path traversal

vulnerability

authenticated users

web root

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

References

www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

www.usa.philips.com/healthcare

www.youtube.com/watch?v=7zC84TNpIxw