CVE-2020-14525 - Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize

CVE-2020-14525

Summary

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.

References

https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01

Vulnerable Configurations

cpe:2.3:a:philips:clinical_collaboration_platform:12.2.1:*:*:*:*:*:*:*
cpe:2.3:a:philips:clinical_collaboration_platform:12.2.1:*:*:*:*:*:*:*

CVSS

Base:	2.7 (as of 25-09-2020 - 18:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:A/AC:L/Au:S/C:P/I:N/A:N

refmap via4

misc

https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01

Last major update

25-09-2020 - 18:51

Published

18-09-2020 - 18:15

Last modified

25-09-2020 - 18:51