Is CVE-2021-39369 actively exploited?

CVE-2021-39369 has no public evidence of in-the-wild exploitation as of 2025-04-14.

What is the CVSS score for CVE-2021-39369?

CVE-2021-39369 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2021-39369?

Patch guidance is available from philips security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-39369.

CVE-2021-39369 - remediation guidance & executive summary

Q: Which products are affected by CVE-2021-39369?

4 products: philips myvue, philips speech, philips vue motion, philips vue pacs.

Description

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-22 · Path Traversal CWE-22 · Path Traversal

Metadata

Primary Vendor: PHILIPS
Published: 12/26/2022
Last Modified: 4/14/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

philips : myvuephilips : speechphilips : vue_motionphilips : vue_pacs

Remediation Guidance

Executive Summary

Cite this page

CVE-2021-39369. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2021-39369

View on NIST NVD

CVE-2021-39369 vulnerability