CVE-2018-17891

2018-10-0421:00:00

CWE-209

icscert

www.cve.org

AI Score

3.8

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.

CNA Affected

[
  {
    "product": "Vue RIS",
    "vendor": "Carestream",
    "versions": [
      {
        "status": "affected",
        "version": "RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSMA-18-277-01