Vulnerability Description
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Myvue | - |
| Philips | Speech | - |
| Philips | Vue Motion | <= 12.2.1.5 |
| Philips | Vue Pacs | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01MitigationThird Party AdvisoryUS Government Resource
- https://www.usa.philips.com/healthcareVendor Advisory
- https://www.youtube.com/watch?v=7zC84TNpIxwProduct
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01MitigationThird Party AdvisoryUS Government Resource
- https://www.usa.philips.com/healthcareVendor Advisory
- https://www.youtube.com/watch?v=7zC84TNpIxwProduct
FAQ
What is CVE-2021-39369?
CVE-2021-39369 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
How severe is CVE-2021-39369?
CVE-2021-39369 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39369?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Myvue, Philips Speech, Philips Vue Motion, Philips Vue Pacs.