{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T03:06:06.926","vulnerabilities":[{"cve":{"id":"CVE-2018-17891","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2018-10-04T21:29:01.983","lastModified":"2024-11-21T03:55:09.010","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack."},{"lang":"es","value":"En Carestream Vue RIS, RIS Client Builds en versiones 11.2 y anteriores que se ejecute en una máquina Windows 8.1 con IIS/7.5, al contactar con un servidor Carestream donde no hay un listener TNS de Oracle disponible, los usuarios activarán un error HTTP 500, filtrando información técnica que un atacante podría usar para iniciar un ataque más elaborado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:carestream:carestream_vue_ris:*:*:*:*:*:*:*:*","versionEndIncluding":"11.2","matchCriteriaId":"E7F6791A-EFC3-4565-82A4-1A0A947D0559"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*","matchCriteriaId":"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"}]}]}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}