Vulnerability Description
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Carestream | Carestream Vue Ris | <= 11.2 |
| Microsoft | Windows 8.1 | All versions |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01MitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-17891?
CVE-2018-17891 is a vulnerability with a CVSS score of 3.7 (LOW). Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users ...
How severe is CVE-2018-17891?
CVE-2018-17891 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-17891?
Check the references section above for vendor advisories and patch information. Affected products include: Carestream Carestream Vue Ris, Microsoft Windows 8.1.