Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-32966

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.

Published

2022-05-25T14:15:08.380

Last Modified

2024-11-21T06:08:01.373

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	philips	interoperability_solution_xds	≤ 3.11	Yes
Application	philips	interoperability_solution_xds	≤ 2021-1	Yes

References

https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01 Mitigation, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)