CVE-2021-39369: Path Traversal
First published: Mon Dec 26 2022(Updated: )
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Myvue | ||
| Philips Speech | ||
| Philips Vue Motion | <=12.2.1.5 | |
| Philips Vue PACS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-39369.
What is the severity of CVE-2021-39369?
The severity of CVE-2021-39369 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2021-39369?
Philips Vue MyVue PACS versions up to 12.2.x.x are affected by CVE-2021-39369.
What is the potential impact of CVE-2021-39369?
Authenticated users can perform path traversal and access files outside of the web root.
Are there any references or additional resources related to CVE-2021-39369?
Yes, you can find additional information about CVE-2021-39369 in the references provided: [link 1](https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01), [link 2](https://www.usa.philips.com/healthcare), [link 3](https://www.youtube.com/watch?v=7zC84TNpIxw).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/philips
- canonical/philips myvue
- canonical/philips speech
- canonical/philips vue motion
- version/philips vue motion/12.2.1.5
- canonical/philips vue pacs