CVE-2021-32966
LOWPhilips Interoperability Solution XDS 2.5-3.11 - Cleartext Transmission of Sensitive Information via LDAP Referrals
Title source: llmDescription
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
References (1)
Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01
Scores
CVSS v3
3.7
EPSS
0.0042
EPSS Percentile
33.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (1)
philips/interoperability_solution_xds
2.5 - 3.11
Published
May 25, 2022
Tracked Since
Feb 18, 2026