Описание
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия от 2.5 (включая) до 3.11 (включая)Версия от 2018-1 (включая) до 2021-1 (включая)
Одно из
cpe:2.3:a:philips:interoperability_solution_xds:*:*:*:*:*:*:*:*
cpe:2.3:a:philips:interoperability_solution_xds:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00104
Низкий
3.7 Low
CVSS3
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
EPSS
Процентиль: 29%
0.00104
Низкий
3.7 Low
CVSS3
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319