CVE-2021-39369 Information

Description

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 https://www.usa.philips.com/healthcare https://www.youtube.com/watch?v=7zC84TNpIxw