Описание
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- Product
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 12.2.1.5 (включая)
Одно из
cpe:2.3:a:philips:myvue:-:*:*:*:*:*:*:*
cpe:2.3:a:philips:speech:-:*:*:*:*:*:*:*
cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:*
cpe:2.3:a:philips:vue_pacs:-:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00419
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
около 3 лет назад
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
EPSS
Процентиль: 61%
0.00419
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
CWE-22