CVE-2018-17891
N/A
N/A
Summary
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Carestream | Vue RIS | RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5 | affected |
Weaknesses
- CWE-209: INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.