CVE-2021-39369
MEDIUM WAF: High
CVSS 6.5
Published: 2022-12-26
CWE-22 CWE-22
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | - |
| philips | speech | - |
| philips | vue_motion | up to 12.2.1.5 |
| philips | vue_pacs | - |
References
- www.cisa.gov (Mitigation, Third Party Advisory, US Government Resource)
- www.usa.philips.com (Vendor Advisory)
- www.youtube.com (Product)