CVE-2021-32966
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | Interoperability Solution XDS | 2.5 through 3.11 | affected |
| Philips | Interoperability Solution XDS | 2018-1 through 2021-1 | affected |
Weaknesses
- CWE-319: CWE-319 Cleartext Transmission of Sensitive Information
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.