First published: Wed May 25 2022(Updated: )
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips Interoperability Solution XDS | >=2.5<=3.11 | |
Philips Interoperability Solution XDS | >=2018-1<=2021-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-32966.
Versions 2.5 through 3.11 and 2018-1 through 2021-1 of Philips Interoperability Solution XDS are affected.
CVE-2021-32966 has a severity rating of 7.5 (high).
This vulnerability allows for clear text transmission of sensitive information when configured to use LDAP via TLS and when the domain controller returns LDAP referrals.
An attacker can remotely read LDAP sfrom the affected system.