Search criteria
3 vulnerabilities found for Interoperability Solution XDS by Philips
VAR-202106-1969
Vulnerability from variot - Updated: 2024-08-14 12:27Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. Philips Provided by the company Interoperability Solution XDS document sharing system is a medical document sharing system. (CWE-319 , CVE-2021-32966) There is a vulnerability to this.By a remote third party, LDAP credentials could be read. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Philips Interoperability Solution XDS is a European Philips (Philips) company's solution. Provides an open standards-based platform that supports all types of medical images and clinical information. Philips Interoperability Solution XDS has a security vulnerability, which stems from. The vulnerability could allow a remote attacker to gain access to sensitive information. Affected products and versions are as follows: Interoperability Solution XDS: 2.5, 3.11, 2018-1, 2021-1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1969",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interoperability solution xds",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "3.11"
},
{
"model": "interoperability solution xds",
"scope": "gte",
"trust": 1.0,
"vendor": "philips",
"version": "2018-1"
},
{
"model": "interoperability solution xds",
"scope": "gte",
"trust": 1.0,
"vendor": "philips",
"version": "2.5"
},
{
"model": "interoperability solution xds",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "2021-1"
},
{
"model": "interoperability solution xds document sharing system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "v2018-1 to v2021-1 to"
},
{
"model": "interoperability solution xds document sharing system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
},
{
"model": "interoperability solution xds document sharing system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "v2.5 to v3.11 to"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-32966",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-392952",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-32966",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2021-32966",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-001893",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32966",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32966",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2021-32966",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1653",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-392952",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-32966",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. Philips Provided by the company Interoperability Solution XDS document sharing system is a medical document sharing system. (CWE-319 , CVE-2021-32966) There is a vulnerability to this.By a remote third party, LDAP credentials could be read. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Philips Interoperability Solution XDS is a European Philips (Philips) company\u0027s solution. Provides an open standards-based platform that supports all types of medical images and clinical information. Philips Interoperability Solution XDS has a security vulnerability, which stems from. The vulnerability could allow a remote attacker to gain access to sensitive information. Affected products and versions are as follows: Interoperability Solution XDS: 2.5, 3.11, 2018-1, 2021-1",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32966",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-21-175-01",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU93414026",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2235",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062503",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-392952",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-32966",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"id": "VAR-202106-1969",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:27:04.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer\u00a0Service\u00a0Solutions",
"trust": 0.8,
"url": "https://www.philips.com/a-w/security/security-advisories.html"
},
{
"title": "Philips Interoperability Solution XDS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155089"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "Sending important information in clear text (CWE-319) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-175-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu93414026"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32966"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2235"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062503"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-32966/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-392952"
},
{
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-392952"
},
{
"date": "2022-05-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"date": "2021-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"date": "2021-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-25T14:15:08.380000",
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-392952"
},
{
"date": "2022-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32966"
},
{
"date": "2024-06-18T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-001893"
},
{
"date": "2022-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-06-08T14:29:06.183000",
"db": "NVD",
"id": "CVE-2021-32966"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips\u00a0 Made \u00a0Interoperability\u00a0Solution\u00a0XDS\u00a0 Vulnerability of sending important information in plain text",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1653"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
CVE-2021-32966 (GCVE-0-2021-32966)
Vulnerability from nvd – Published: 2022-05-25 13:29 – Updated: 2025-04-16 16:18
VLAI?
Title
Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information
Summary
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Interoperability Solution XDS |
Affected:
2.5 through 3.11
Affected: 2018-1 through 2021-1 |
Credits
Philips reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:45.939987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:18:31.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Interoperability Solution XDS",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "2.5 through 3.11"
},
{
"status": "affected",
"version": "2018-1 through 2021-1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philips reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T13:29:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
}
],
"source": {
"advisory": "ICSMA-21-175-01",
"discovery": "UNKNOWN"
},
"title": "Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32966",
"STATE": "PUBLIC",
"TITLE": "Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Interoperability Solution XDS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5 through 3.11"
},
{
"version_affected": "=",
"version_value": "2018-1 through 2021-1"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Philips reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
}
]
},
"source": {
"advisory": "ICSMA-21-175-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32966",
"datePublished": "2022-05-25T13:29:03.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:18:31.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32966 (GCVE-0-2021-32966)
Vulnerability from cvelistv5 – Published: 2022-05-25 13:29 – Updated: 2025-04-16 16:18
VLAI?
Title
Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information
Summary
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Interoperability Solution XDS |
Affected:
2.5 through 3.11
Affected: 2018-1 through 2021-1 |
Credits
Philips reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:45.939987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:18:31.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Interoperability Solution XDS",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "2.5 through 3.11"
},
{
"status": "affected",
"version": "2018-1 through 2021-1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philips reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T13:29:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
}
],
"source": {
"advisory": "ICSMA-21-175-01",
"discovery": "UNKNOWN"
},
"title": "Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32966",
"STATE": "PUBLIC",
"TITLE": "Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Interoperability Solution XDS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5 through 3.11"
},
{
"version_affected": "=",
"version_value": "2018-1 through 2021-1"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Philips reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01"
}
]
},
"source": {
"advisory": "ICSMA-21-175-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32966",
"datePublished": "2022-05-25T13:29:03.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:18:31.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}