This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on 3.

Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system.

Philips reports these vulnerabilities affect the following Vue PACS products:
Vue Speech: Versions 12.2.x.x and prior
Vue Motion: Versions 12.2.1.5 and prior

4.2 VULNERABILITY OVERVIEW

4.2.1 IMPROPER INPUT VALIDATION CWE-20

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CVE-2020-1938 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

4.2.2 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This vulnerability exists within a third party software component (Redis).

CVE-2018-12326 and CVE-2018-11218 have been assigned to this vulnerability.
Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Improper Authentication, Improper Initialization, Use of a Broken or Risky Cryptographic Algorithm, Protection Mechanism Failure, Use of a Key Past its Expiration Date, Insecure Default Initialization of Resource, Improper Handling of Unicode Encoding, Insufficiently Protected Credentials, Data Integrity Issues, Cross-site Scripting, Improper Neutralization, Use of Obsolete Function, Relative Path Traversal.

ATTENTION: Exploitable remotely/low attack complexity.