CVE-2021-39369

medium

Description

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

References

https://www.youtube.com/watch?v=7zC84TNpIxw

https://www.usa.philips.com/healthcare

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Details

Source: Mitre, NVD

Published: 2022-12-26

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N