PT-2022-10166 · Philips · Philips Interoperability Solution Xds

Published 2022-05-25 · Updated 2022-06-08 · CVE-2021-32966

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Philips Interoperability Solution XDS versions 2.5 through 3.11
Philips Interoperability Solution XDS versions 2018-1 through 2021-1

Description

The issue concerns the clear text transmission of sensitive information when the solution is configured to use LDAP via TLS and the domain controller returns LDAP referrals. This may allow an attacker to remotely read LDAP system credentials.

Recommendations

For Philips Interoperability Solution XDS versions 2.5 through 3.11, consider reconfiguring the LDAP settings to prevent clear text transmission of sensitive information.

For Philips Interoperability Solution XDS versions 2018-1 through 2021-1, consider reconfiguring the LDAP settings to prevent clear text transmission of sensitive information.

As a temporary workaround, consider disabling the use of LDAP referrals until a patch is available.
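
Where referrals cannot be disabled outright, a client-side referral policy can serve the same purpose. The following is an added example, not Philips code and not part of the advisory: it decides whether a client that bound over `ldaps://` may rebind to a referral target. It assumes the exposure arises when a referral uses the plain `ldap://` scheme or names an unapproved host; `ALLOWED_HOSTS`, `referral_decision`, `audit` and all host names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of directory servers the client may rebind to.
ALLOWED_HOSTS = {"dc1.example.internal", "dc2.example.internal"}

# Constructed sample referrals, as a server might return them.
SAMPLE_REFERRALS = [
    "ldaps://DC2.example.internal:636/DC=example,DC=internal",
    "ldap://dc2.example.internal/DC=example,DC=internal",
    "ldaps://other.example.net/DC=example,DC=net",
    "ldap:///DC=example,DC=internal",
]

def referral_decision(original_url, referral_url, allowed_hosts=ALLOWED_HOSTS):
    """Return (follow, reason) for a referral received on an existing bind."""
    orig = urlsplit(original_url)
    ref = urlsplit(referral_url)
    ref_scheme = ref.scheme.lower()
    if ref_scheme not in ("ldap", "ldaps"):
        return False, "unsupported scheme"
    if not ref.hostname:
        # A host-less referral leaves the target to client defaults.
        return False, "referral names no host"
    # Assumption: the original bind used ldaps://. A StartTLS deployment
    # would instead need StartTLS enforced before any rebind.
    if orig.scheme.lower() == "ldaps" and ref_scheme != "ldaps":
        return False, "TLS downgrade"
    if ref.hostname not in allowed_hosts:  # urlsplit lowercases hostname
        return False, "host not in allow-list"
    return True, "ok"

def audit(original_url, referrals):
    """Map each referral URL to its (follow, reason) decision."""
    return {r: referral_decision(original_url, r) for r in referrals}

if __name__ == "__main__":
    for url, (follow, reason) in audit(
        "ldaps://dc1.example.internal:636", SAMPLE_REFERRALS
    ).items():
        print(f"{'FOLLOW' if follow else 'REFUSE'}  {reason:24} {url}")
```
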

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2021-32966

Affected Products

Philips Interoperability Solution Xds