#VU54386 Cleartext transmission of sensitive information in Interoperability Solution XDS - CVE-2021-32966

 


Published: June 25, 2021


Vulnerability identifier: #VU54386
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-32966
CWE-ID: CWE-319
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Interoperability Solution XDS
Software vendor:
Philips

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information when it is configured to use LDAP via TLS and the domain controller returns LDAP referrals. A remote attacker able to intercept network traffic can remotely read LDAP system credentials.
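As an added illustration of the referral condition described above (not Philips code, and not taken from the advisory), the following Python sketch shows a client-side policy check that refuses to re-send bind credentials to a referral target unless the channel is protected. The function names, the `ALLOWED_SUFFIXES` value and the sample referral URLs are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Hypothetical policy: only directory servers under these suffixes may be chased.
ALLOWED_SUFFIXES = (".corp.example",)  # constructed sample domain

# Constructed sample referrals, in the URL form a domain controller returns them.
SAMPLE_REFERRALS = [
    "ldap://dc2.corp.example:389/DC=corp,DC=example",
    "ldaps://dc3.corp.example:636/DC=corp,DC=example",
    "ldap://dc.other.example/DC=other,DC=example",
]


def referral_decision(referral_url, allowed_suffixes=ALLOWED_SUFFIXES):
    """Classify one referral. Returns (action, reason), where action is
    'follow_tls', 'follow_starttls' or 'reject'."""
    try:
        parts = urlsplit(referral_url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return ("reject", "malformed referral URL")
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        return ("reject", "unsupported scheme")
    if not host:
        return ("reject", "no host in referral")
    if not any(host.endswith(suffix) for suffix in allowed_suffixes):
        return ("reject", "host outside allowed domains")
    if scheme == "ldaps":
        return ("follow_tls", "TLS is negotiated before any LDAP message")
    # ldap:// target: a plain bind here would expose the credentials in cleartext,
    # so the only acceptable path is StartTLS completing before the bind.
    return ("follow_starttls", "StartTLS must succeed before bind")


def plan_referrals(referral_urls, allow_starttls=False):
    """Pick the referral to chase, preferring ldaps://.
    Returns (url, action), or None when no referral may be followed."""
    decisions = [(url,) + referral_decision(url) for url in referral_urls]
    wanted_actions = ["follow_tls"]
    if allow_starttls:
        wanted_actions.append("follow_starttls")
    for wanted in wanted_actions:
        for url, action, _reason in decisions:
            if action == wanted:
                return (url, action)
    return None  # do not chase: surface the referral as an error instead
```
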


Remediation

Install updates from the vendor's website.
