{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using \"SuperSecretPassword\" as the hardcoded password, which allows local users to obtain the private key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "99518", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/99518"}, {"name": "20131106 CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html"}, {"name": "63566", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63566"}, {"name": "osirix-cve20134425-info-disc(88606)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88606"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4425", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using \"SuperSecretPassword\" as the hardcoded password, which allows local users to obtain the private key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "99518", "refsource": "OSVDB", "url": "http://osvdb.org/99518"}, {"name": "20131106 CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html"}, {"name": "63566", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63566"}, {"name": "osirix-cve20134425-info-disc(88606)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88606"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4425", "datePublished": "2013-11-15T18:16:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osirix-viewer:osirix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ACA57B1-0AE6-4E58-A7C2-5B46DF2B0D46", "versionEndIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "631075E1-6A87-4A2D-A3EA-C3DBA963F8F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "981FC72F-2DCA-4D7E-8CDF-9ED2AB2F0474", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD7E9F6E-4E6F-4979-BEDF-18F92412623E", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CAA1942D-169B-4B5B-AE4B-F842BA7ADF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "760D1BA0-2018-4DB2-9426-A4E9EA634A49", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2AB9703-567E-435E-A022-DF0A5292CE26", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "96802751-1914-40DA-AEB8-CED296A751A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7CF62F8-F92C-4B52-A3BF-63C377688B44", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0210D44-C254-4467-90FB-C7CC370F50FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "88EDF921-80B6-4F7F-A93B-0049D6F051BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "697FBDAC-6A72-4BCD-B787-AB0FC2D718D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "465C5E82-3B85-478C-B471-C00F4388686A", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "867BFEA0-F910-4D99-B10E-1E46AF074339", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "306F9D56-21B3-4A97-9C36-85092D534C84", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "852F304B-89AD-40C5-8050-7B8F2A9E1B70", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED266897-E426-4BEC-A4D9-D9802277EB6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "EFA8659D-175A-4A46-A426-0BC47C12C169", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "167E5338-D231-4EFF-B66C-565A93B3855B", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0160C3FC-6BFC-4323-BD06-CE177CD92431", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "96D8F007-7A4C-4D61-8EC2-B99FCF7A4CE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3584D9B-3F0D-4A2E-B971-B3732AFEAA98", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A68C0BB7-E405-49E1-A43C-24E9C6E9AFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B924D71-358B-4D97-845A-DA1D7B89A242", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "181C32F3-C620-493B-98CC-FF792BD34FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB80517C-82E8-4D4D-9921-C89D9D15EE10", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "094B03AB-2C13-46CB-8C4A-759A97BA5AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0ED8E46-A943-4D27-9B66-96206A12CD99", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "67B25A19-9112-44FE-B877-4F6159476EA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DC6606E-BD41-4AE3-87CE-A1F3B0EABD8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "96B8A72A-8239-430C-8F69-E94A9540E8FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDC3A980-7E84-4960-8FA3-A21D786A8ECD", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "CAD5D0CD-9688-409E-A9A9-BE3B75775EC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "27EFD0EE-3BC1-4269-9FE5-20B12D0B3BB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "877E8EE1-7A54-4D0E-BAC4-A08F3E483CA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "872EADD2-FD26-4B3E-BFE5-003A415C8761", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FB7942E-C334-41B8-B3E0-C86FDD45C250", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA5FD5A4-5F88-49BA-B752-E56CD247A2AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE898E-365C-4C89-8889-ED14AC1000AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A8DF990-449D-43E8-8E4E-EF1B1EE82AC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BBD6CF2-A7C4-4F8C-B3A2-51BC54B73598", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osirix-viewer:osirix_md:*:*:*:*:*:*:*:*", "matchCriteriaId": "83BAC0F7-4CDA-4D8F-ADBD-FF01647A58C8", "versionEndIncluding": "2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using \"SuperSecretPassword\" as the hardcoded password, which allows local users to obtain the private key."}, {"lang": "es", "value": "El listener DICOM en OsiriX anterior a la versi\u00f3n 5.8 y anterior a 2.5-MD, durante su inicio, cifra el archivo de clave privada TLS usando \"SuperSecretPassword\" como contrase\u00f1a incrustada en el c\u00f3digo, lo que permite a usuarios locales obtener la llave privada."}], "evaluatorComment": "According to several reference links Osirix MD before 2.8 are vulnerable\n\nhttp://www.securityfocus.com/bid/63566/discuss\n\nhttp://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html", "id": "CVE-2013-4425", "lastModified": "2017-08-29T01:33:37.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-18T02:55:07.687", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/99518"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63566"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88606"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}