Path Traversal Vulnerability in Philips Vue MyVue PACS 12.2.x.x

Path Traversal Vulnerability in Philips Vue MyVue PACS 12.2.x.x

CVE-2021-39369 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

Learn more about our Web App Pen Testing.