Cleartext transmission of sensitive information in Interoperability Solution XDS - CVE-2021-32966

 

Cleartext transmission of sensitive information in Interoperability Solution XDS - CVE-2021-32966

Published: June 25, 2021


Vulnerability identifier: #VU54386
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-32966
CWE-ID: CWE-319
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Philips
Affected software:
Interoperability Solution XDS

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals. A remote attacker with ability to intercept network traffic can remotely read LDAP system credentials.


How to mitigate CVE-2021-32966

Install updates from vendor's website.

Sources