← back
CVE-2018-17891

CVE-2018-17891

EPSS 0.7%CWE-209
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Oct 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
Affected products
Carestream · Vue RIS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01