Back to search
CVE-2018-17891
Published: Oct 4, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
| Vendor | Product | Versions |
|---|---|---|
Carestream | Vue RIS | affected RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5 |
Weaknesses (CWE)
References
https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now