Lucene search
HistoryDec 26, 2022 - 6:15 a.m.
CVE-2021-39369
philips
vue myvue
pacs
path traversal
videostream
authenticated users
web root
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
57.5%
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
Affected configurations
Node
philipsmyvueMatch-
ORphilipsspeechMatch-
ORphilipsvue_motionRange≤12.2.1.5
ORphilipsvue_pacsMatch-
Related
prion
prion
Path traversal
2022-12-26 06:15:00
cvelist
cvelist
CVE-2021-39369
2022-12-26 00:00:00
cve
cve
CVE-2021-39369
2022-12-26 06:15:10
ics
ics
Philips Vue PACS (Update C)
2023-02-21 12:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
57.5%
Related for NVD:CVE-2021-39369